The CSRF token changes in Django are relatively new. To be honest, I haven't
looked at implementing the changes required to make this work correctly.

Your approach seems to be in the right direction. Maybe others have tackled
this and can point out the issues and help us get a patch into tip.

-Chris

On Fri, Feb 18, 2011 at 11:43 AM, phazlett <[email protected]> wrote:

> I just started using Satchmo, so I'm a complete noobie.
>
> I've got the store working using Chris Moffitt's installation steps and
> virtualenv. I enabled 4 countries in the admin Store Configurations,
> specifically US, Puerto Rico, Canada, and the UK.
>
> On step one of the check out process I see the country drop down lists for
> billing and shipping addresses, but when I change the selected country the
> corresponding AJAX request to refresh the state/province drop down results
> in a CSRF verification failure because no CSRF header is passed with the
> AJAX request.
>
> So I copied
> /src/satchmo/satchmo/apps/satchmo_store/contact/templates/contact/_state_js.html
> to <myproject>/templates/contact/ and patched it as follows:
>
> +++ ./_state_js.html 2011-02-18 12:32:48.876976001 -0500
> @@ -51,7 +51,10 @@
>   data: data,
>   success: success,
>   error: error,
> - dataType: "html"
> + dataType: "html",
> + beforeSend: function(xhr) {
> + xhr.setRequestHeader("X-CSRFToken",
> $('input[name$="csrfmiddlewaretoken"]').val());
> + }
>
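Review bot: in `beforeSend`, the token is looked up with `$('input[name$="csrfmiddlewaretoken"]').val()`, which is an ends-with match (`name$=`) and assumes a hidden CSRF input has been rendered somewhere on the checkout page. If no such input exists, `.val()` returns undefined and the header goes out without a usable token, so the request still fails verification. Suggest an exact match (`input[name="csrfmiddlewaretoken"]`) plus a guard that only calls `setRequestHeader` when a token was found, or reading the value from the `csrftoken` cookie that the message reports is already being sent.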
> Now ngrep reveals that a cookie called "csrftoken" is being passed, but
> Django seems to want a custom header called "X-CSRFToken" as documented
> <http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax>.
> I'm using Satchmo from trunk (pulled today) and Django 1.2.5.
>
> My question is this: it seems to me that this should have been working
> already, yet I can't find anyone reporting that it's broken. This leads me
> to assume that I've overlooked something simple.
>
> Can anyone give me some suggestions?
>
> Regards,
> Paul
>
> --
> You received this message because you are subscribed to the Google Groups
> "Satchmo users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/satchmo-users?hl=en.
>
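An added example, not part of the original thread and not Satchmo or Django code: one way to derive the "X-CSRFToken" header from the "csrftoken" cookie mentioned above, sending it only on same-origin, state-changing requests so the token never leaves the site. The helper names, the sample cookie strings and the shop.example origin are assumptions; only the cookie and header names come from the thread.

```javascript
// Added example; helper names are hypothetical, sample values are constructed.

// Extract one cookie value from a document.cookie-style string.
// Names are compared exactly, so "xcsrftoken" never matches "csrftoken".
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// HTTP methods that do not change state and need no CSRF token.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True only when the request URL resolves to the page's own origin.
// Relative URLs resolve against pageOrigin; "//host/path" does not.
function sameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign, send no token
  }
}

// Return the header to attach, or null when the token must not
// (safe method, foreign origin) or cannot (no cookie) be sent.
function csrfHeaderFor(method, url, cookieString, pageOrigin) {
  if (csrfSafeMethod(method) || !sameOrigin(url, pageOrigin)) return null;
  const token = getCookie(cookieString, "csrftoken");
  return token ? { name: "X-CSRFToken", value: token } : null;
}

// Browser wiring with jQuery, kept as a comment so the block runs without a DOM:
// beforeSend: function (xhr, settings) {
//   var h = csrfHeaderFor(settings.type, settings.url,
//                         document.cookie, location.origin);
//   if (h) xhr.setRequestHeader(h.name, h.value);
// }
```
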
