Hi, you can read this part about the exempt, if you do not need CSRF:
https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#django.views.decorators.csrf.csrf_exempt

cheers


On Mon, May 12, 2014 at 2:01 PM, Aseem Bansal <asmbans...@gmail.com> wrote:

> Hi Sanjay
>
> I think you misunderstood a bit. The JS that I am talking about will not
> be inside the web pages of the project. The JS is supposed to be used as a
> Bookmarklet in the web browser. I intend to use the bookmarklet for sending
> the current webpage's url to the app via a POST request. The app will then
> store the URL.
>
> Here a problem due to CSRF token would occur because I can hard-code the
> CSRF token in the JS for one environment but as I am not aware how the
> token is generated it would be difficult to dynamically generate the token
> in the JS for a different environment. For example if I tried to run the
> app on a different computer then I will have to manually check the CSRF
> token for that and change the hard-coding.
>
>
> On Tuesday, May 13, 2014 12:57:40 AM UTC+5:30, Sanjay Bhangar wrote:
>
>> Hi Aseem,
>>
>> On Mon, May 12, 2014 at 11:25 PM, Aseem Bansal <asmba...@gmail.com> wrote:
>> > I am new to Django and am learning it basically because I wanted to
>> > create a BookMarker project. A project for managing bookmarks. For this
>> > I am going to create a UI through Django and a JavaScript for sending
>> > the URLs to the app. There is a problem of CSRF token in Django. I was
>> > able to do a dummy POST request by sending the CSRF token hard-coded as
>> > a parameter. But I do not understand how the CSRF tokens are generated.
>> > Can I just hard-code them? I don't think that it should be possible
>> > otherwise there is no point of having it in the first place. Should I
>> > consider turning off the CSRF middleware as this is just local machine
>> > or should I keep it as a best practice and find a way to generate the
>> > CSRF token in my JavaScript? That would suck but I am out of opinions.
>> >
>>
>> To use the csrf token and send it along with AJAX requests made in
>> javascript, refer
>> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax .
>>
>> It should be fairly straightforward following steps there. Let me know if
>> anything is unclear or does not work.
>>
>> > Also when you are doing Django projects and need to deal with JS then
>> > what do you do? I mean is there an alternative for JS in Django?
>> >
>> > If any of these questions doesn't make any sense please tell and I will
>> > try to improve these. Just tell what doesn't make sense.
>> >
>>
>> Hope the documentation makes sense, otherwise just search for "django
>> ajax csrf token" or so and you should find quite a lot of examples
>> online :)
>>
>> All the best.
>> -Sanjay
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/971c8426-16a7-4fb3-8d5c-36b8d8d9b1a2%40googlegroups.com<https://groups.google.com/d/msgid/django-users/971c8426-16a7-4fb3-8d5c-36b8d8d9b1a2%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
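
Added example, not part of the original thread and not Django's own code: a simplified model of a cookie-based CSRF check, showing why a token hard-coded into a bookmarklet validates in one environment and fails in another. The function names, the 32-byte secret length and the XOR masking scheme are assumptions made for this illustration.

```python
import hmac
import secrets
from typing import Optional

SECRET_LEN = 32  # assumed length for this model


def new_csrf_secret() -> bytes:
    """Random secret the server sets in a cookie, one per browser."""
    return secrets.token_bytes(SECRET_LEN)


def mask(secret: bytes) -> str:
    """Token for a page or header: fresh salt plus salt XOR secret, hex encoded."""
    salt = secrets.token_bytes(SECRET_LEN)
    return (salt + bytes(a ^ b for a, b in zip(salt, secret))).hex()


def unmask(token: str) -> Optional[bytes]:
    """Recover the secret from a token, or None if the token is malformed."""
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return None
    if len(raw) != 2 * SECRET_LEN:
        return None
    salt, masked = raw[:SECRET_LEN], raw[SECRET_LEN:]
    return bytes(a ^ b for a, b in zip(salt, masked))


def check_post(cookie_secret: Optional[bytes], token: Optional[str]) -> bool:
    """Accept a POST only when the submitted token matches the cookie secret."""
    if not cookie_secret or not token:
        return False
    candidate = unmask(token)
    return candidate is not None and hmac.compare_digest(candidate, cookie_secret)


def simulate() -> dict:
    """Constructed scenario: one token copied into a bookmarklet, two environments."""
    secret_a = new_csrf_secret()   # environment A's cookie
    hard_coded = mask(secret_a)    # token pasted into the bookmarklet source
    secret_b = new_csrf_secret()   # another machine or browser profile
    return {
        "same_environment": check_post(secret_a, hard_coded),
        "other_environment": check_post(secret_b, hard_coded),
        "no_cookie_sent": check_post(None, hard_coded),
        "malformed_token": check_post(secret_a, "not-hex"),
    }
```

The token carries no meaning on its own; it only proves the sender can read the secret held in that browser's cookie, which is why it cannot be generated independently in the JavaScript.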
