See if this helps: https://stackoverflow.com/questions/8614947/jquery-and-django-csrf-token
On Tuesday, November 7, 2017 at 10:25:47 PM UTC+5:30, Tony King wrote:
>
>
> Hi,
>
> I thought I'd finally understood this but it seems I have not and I've
> spent far too much time trying to do it myself.
>
> I have a view rendering to the template below, which is displaying a
> number of buttons that when clicked will execute another Python function in
> the views.py. This works fine if I disable the CSRF protection but as I've
> read this is not good practice, I'm desperately trying to get the token
> included in the POST request. I thought I'd finally cracked it yesterday
> having found the sample code in the documentation and indeed it appeared to
> work until first I tried my project in a different browser and then
> subsequently cleared the cache of Chrome.
>
> What am I doing wrong here?
>
> I've not included the views.py as I'm assuming the issue is in the
> JavaScript.
>
>
> index.html
> {% load static %}
>
> <head>
> <!-- <script src="{% static 'jquery-3.2.1.min.js' %}"></script> -->
> <!-- <script src="static/jquery-3.2.1.min.js"></script> -->
> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
> </head>
>
> <script>
> function getCookie(name) {
>     var cookieValue = null;
>     if (document.cookie && document.cookie !== '') {
>         var cookies = document.cookie.split(';');
>         for (var i = 0; i < cookies.length; i++) {
>             var cookie = jQuery.trim(cookies[i]);
>             // Does this cookie string begin with the name we want?
>             if (cookie.substring(0, name.length + 1) === (name + '=')) {
>                 cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
>                 break;
>             }
>         }
>     }
>     return cookieValue;
> }
> var csrftoken = getCookie('csrftoken');
> $.ajaxSetup({
>     beforeSend: function(xhr, settings) {
>         xhr.setRequestHeader("X-CSRFToken", csrftoken);
>     }
> });
> </script>
>
> <body>
> <div>
>     <h1 id='hdr_1'>{{ hdr1 }}</h1>
> </div>
>
> <table>
>     <tr>
>     {% if my_apps_list %}
>     {% for my_apps in my_apps_list %}
>         <td>
>             <button type="button" id="app{{ forloop.counter }}">
>                 <img src="{% static my_apps.app_icon %}" alt="{{ my_apps.app_name }}"
>                      height="132" width="192">
>             </button><br><br>
>             <script>
>             $("#app{{ forloop.counter }}").click( function() {
>                 $.post("{% url 'launch' %}",
>                     {'appname': '{{ my_apps.app_name }}',
>                      'apppath': '{{ my_apps.app_path }}',
>                      'appexe': '{{ my_apps.app_exe }}',
>                      'appargs': '{{ my_apps.app_args }}',
>                      'appusr': '{{ my_apps.app_user }}',
>                      'apppwd': '{{ my_apps.app_pwd }}',
>                      'applook4': '{{ my_apps.app_wait4 }}',
>                      'appdelay': '{{ my_apps.app_delay }}',
>                      'appkeys': '{{ my_apps.app_keys }}'
>                     }, function (msg) {
>                         document.getElementById('appstatus').innerHTML = msg;
>                     });
>             });
>             </script>
>         </td>
>     {% endfor %}
>     </tr>
> </table>
>
> <br>
> <p id='appstatus'></p>
>
> {% else %}
> <p>No applications are available.</p>
> {% endif %}
>
> </body>
>
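
Added example, not part of the original messages: Django only sets the csrftoken cookie once a view has used the token (for instance through the {% csrf_token %} template tag or the ensure_csrf_cookie decorator), so after clearing the cache or switching browsers a cookie lookup at page load can return null. The sketch below reads the cookie at send time, skips safe and cross-origin requests, and cancels the request when the token is missing; readCookie, csrfSafeMethod and csrfHeaderFor are hypothetical helper names.

```javascript
// Added example; readCookie/csrfSafeMethod/csrfHeaderFor are hypothetical helper names.

// Return the value of cookie `name` from a raw document.cookie string, or null.
function readCookie(cookieString, name) {
  if (!cookieString) return null;
  for (const part of cookieString.split(';')) {
    const cookie = part.trim();
    // Exact-name match: "xcsrftoken=..." must not satisfy "csrftoken".
    if (cookie.startsWith(name + '=')) {
      return decodeURIComponent(cookie.substring(name.length + 1));
    }
  }
  return null;
}

// HTTP methods that Django's CSRF middleware does not check.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(String(method || 'GET'));
}

// Headers to add for one request: {} when no token is needed or it must not
// be sent (cross-origin), null when a token is required but the cookie is absent.
function csrfHeaderFor(settings, cookieString) {
  if (csrfSafeMethod(settings.type) || settings.crossDomain) return {};
  const token = readCookie(cookieString, 'csrftoken');
  return token === null ? null : { 'X-CSRFToken': token };
}

// Browser wiring (skipped outside a page with jQuery loaded).
if (typeof window !== 'undefined' && window.jQuery) {
  window.jQuery.ajaxSetup({
    beforeSend: function (xhr, settings) {
      // Read the cookie at send time, not once at page load.
      const headers = csrfHeaderFor(settings, document.cookie);
      if (headers === null) {
        console.error('csrftoken cookie missing: the page view never issued a token');
        return false; // returning false from beforeSend cancels the request
      }
      Object.keys(headers).forEach(function (h) { xhr.setRequestHeader(h, headers[h]); });
    }
  });
}
```
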