I just started using Satchmo, so I'm a complete noobie.
I've got the store working using Chris Moffitt's installation steps and
virtualenv. I enabled 4 countries in the admin Store Configurations,
specifically US, Puerto Rico, Canada, and the UK.
On step one of the check out process I see the country drop down lists for
billing and shipping addresses, but when I change the selected country the
corresponding AJAX request to refresh the state/province drop down results
in a CSRF verification failure because no CSRF header is passed with the
AJAX request.
So I copied
/src/satchmo/satchmo/apps/satchmo_store/contact/templates/contact/_state_js.html
to <myproject>/templates/contact/ and patched it as follows:
+++ ./_state_js.html 2011-02-18 12:32:48.876976001 -0500
@@ -51,7 +51,10 @@
data: data,
success: success,
error: error,
- dataType: "html"
+ dataType: "html",
+ beforeSend: function(xhr) {
+ xhr.setRequestHeader("X-CSRFToken",
$('input[name$="csrfmiddlewaretoken"]').val());
+ }
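Review bot: in the beforeSend callback the token is read with $('input[name$="csrfmiddlewaretoken"]').val(), which yields undefined when the page has no such hidden input, and setRequestHeader is still called without a usable token. Match the field name exactly (name= rather than the ends-with name$=) and skip the header when no value is found. The callback also attaches the token unconditionally; the request URL is set outside this hunk, so confirm it is always same-origin so that the token is never sent to another host.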
Now ngrep reveals that a cookie called "csrftoken" is being passed, but
Django seems to want a custom header called "X-CSRFToken" as
documented <http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax>.
I'm using Satchmo from trunk (pulled today) and Django 1.2.5.
My question is this: it seems to me that this should have been working
already, yet I can't find anyone reporting that it's broken. This leads me
to assume that I've overlooked something simple.
Can anyone give me some suggestions?
Regards,
Paul