Re: CSRF verification failed when I use smart phone

2015-01-30 Thread Zach Borboa


Here's an example of the csrf cookie value obtained by typing 
document.cookie in the JavaScript console.



-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/3879ce91-fa33-4e6f-a57b-d51abf6052e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: CSRF verification failed when I use smart phone

2015-01-30 Thread Zach Borboa
What you want to compare is the expected token value and the token value 
the view received (via POST, PUT, DELETE, etc.). These values need to 
match. Printing out the token via {{ csrf_token }} in the template will 
show you the token that the view will receive when the form is submitted. 
This submitted value needs to match the value in the cookie named csrftoken.


On Friday, January 30, 2015 at 1:59:45 PM UTC-8, Pouria M wrote:
>
> Thanks Zach. 
> What are your thoughts after this test? If they match or if they don't 
> match?
>
> On Wednesday, January 28, 2015 at 9:46:23 PM UTC-8, Zach Borboa wrote:
>>
>> For anyone trying to debug this issue, you may want to print out the 
>> variable using {{ csrf_token }} as well as using {% csrf_token %} on the 
>> form to verify the token is correct.
>>
>



Re: CSRF verification failed when I use smart phone

2015-01-28 Thread Zach Borboa
For anyone trying to debug this issue, you may want to print out the 
variable using {{ csrf_token }} as well as using {% csrf_token %} on the 
form to verify the token is correct.
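
The comparison suggested in the CSRF debugging posts above, as an added example that is not part of the original thread: a helper that takes one request's `Cookie` header and form body and reports why verification would fail. It assumes the scheme described in the posts, where the submitted value must equal the `csrftoken` cookie exactly; the function name and all sample values are constructed for illustration.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs


def diagnose_csrf(cookie_header, form_body, header_token=None):
    """Return (ok, reason) for one request.

    cookie_header: raw value of the Cookie request header
    form_body:     urlencoded POST body
    header_token:  value of X-CSRFToken, if the client sent one (AJAX)
    """
    cookies = SimpleCookie()
    cookies.load(cookie_header or "")
    cookie_token = cookies["csrftoken"].value if "csrftoken" in cookies else None

    fields = parse_qs(form_body or "", keep_blank_values=True)
    # The {% csrf_token %} tag renders a hidden input with this field name.
    submitted = fields.get("csrfmiddlewaretoken", [None])[0] or header_token

    if cookie_token is None:
        return False, "no csrftoken cookie sent (cookies blocked or never set)"
    if not submitted:
        return False, "no token submitted (form lacks {% csrf_token %}?)"
    # Constant-time comparison, so the check itself leaks nothing about the token.
    if not hmac.compare_digest(cookie_token.encode(), submitted.encode()):
        return False, "token mismatch (cached page or replaced cookie)"
    return True, "tokens match"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("csrftoken=AAA111; sessionid=s1", "csrfmiddlewaretoken=AAA111&q=1"),
        ("csrftoken=AAA111", "csrfmiddlewaretoken=OLD000&q=1"),  # stale form
        ("sessionid=s1", "csrfmiddlewaretoken=AAA111"),          # cookie missing
    ]
    for cookie, body in samples:
        print(diagnose_csrf(cookie, body))
```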



Re: CSRF verification failed when I use smart phone

2015-01-08 Thread Zach Borboa
Mobile device could also be caching an incorrect csrf token.



Re: Rotate the CSRF token on every request

2014-11-01 Thread Zach Borboa
Rotating the CSRF token on every request is probably not a great idea. 
Tokens will become invalidated when multiple tabs are open.



Re: Spammed with 'Invalid HTTP_HOST header' messages

2013-12-06 Thread Zach Borboa
Can you not add a filter to your logger 
handler? http://stackoverflow.com/a/19534738



On Friday, December 6, 2013 8:28:37 AM UTC-8, Jon Dufresne wrote:
>
> On Fri, Dec 6, 2013 at 7:47 AM, Zach Borboa wrote: 
> > SuspiciousOperation should now return a 400 error [1]. 
>
> It is true, the response is a 400 Bad Request error, but I still 
> receive emails going to my admins/managers email account. I thought 
> 400 errors shouldn't be mailed out. I would prefer to avoid installing 
> Sentry if there is a simple fix. Any ideas? 
>



Re: Spammed with 'Invalid HTTP_HOST header' messages

2013-12-06 Thread Zach Borboa
SuspiciousOperation should now return a 400 error [1]. You could also use 
something like Sentry [2] or filter these messages.

[1] https://code.djangoproject.com/ticket/19866
[2] https://github.com/getsentry/sentry
[3] http://stackoverflow.com/a/19534738

On Thursday, December 5, 2013 11:21:33 AM UTC-8, Jon Dufresne wrote:
>
> I am running Django 1.6. 
>
> I receive a lot of false positive errors from my Django application 
> when accessed with an invalid HTTP_HOST. I have verified that these 
> are in fact HTTP_HOST values that I am not interested in. So I *do* 
> want to return an error to the user. However, it doesn't help me as an 
> admin to receive an email every time this happens. 
>
> What is the most straightforward way to prevent these errors from 
> emailing the admins? I want to continue to receive other errors. 
>
> Thanks, 
> Jon 
>
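
The handler-level filter suggested in the two "Invalid HTTP_HOST header" replies, as an added example that is not part of the original thread or the linked answer: a standard-library `logging.Filter` that drops DisallowedHost records before they reach the handler that mails admins. So that it runs without Django, `ListHandler` is a hypothetical stand-in for the admin e-mail handler and the log messages are constructed.

```python
import logging


class SkipDisallowedHost(logging.Filter):
    """Drop DisallowedHost records; let every other error through."""

    def filter(self, record):
        # Django 1.6+ logs these under the django.security.DisallowedHost logger.
        if record.name.startswith("django.security.DisallowedHost"):
            return False
        exc = record.exc_info[1] if isinstance(record.exc_info, tuple) else None
        if exc is None:
            return True
        # Match by class name so the example does not need Django importable.
        return not any(c.__name__ == "DisallowedHost" for c in type(exc).__mro__)


class ListHandler(logging.Handler):
    """Hypothetical stand-in for the mail handler: records what would be sent."""

    def __init__(self):
        super().__init__(level=logging.ERROR)
        self.mailed = []

    def emit(self, record):
        self.mailed.append(record.getMessage())


def run_demo():
    handler = ListHandler()
    # The filter goes on the handler, not on a logger: a handler's filters see
    # every record propagated up from child loggers, a logger's filters do not.
    handler.addFilter(SkipDisallowedHost())
    django_logger = logging.getLogger("django")
    old_propagate = django_logger.propagate
    django_logger.addHandler(handler)
    django_logger.propagate = False
    try:
        # Constructed log events.
        logging.getLogger("django.security.DisallowedHost").error(
            "Invalid HTTP_HOST header: 'bad.example'")
        logging.getLogger("django.request").error("Internal Server Error: /orders/")
    finally:
        django_logger.removeHandler(handler)
        django_logger.propagate = old_propagate
    return handler.mailed


if __name__ == "__main__":
    print(run_demo())
```

In a Django project the same class would be declared under `filters` in the `LOGGING` setting and listed in the `filters` of the handler that mails admins.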



Settings for different environments

2013-02-17 Thread Zach Borboa
Yet another approach to using local development settings versus production 
settings. Here's something I've been using that I wanted to share. Thanks

https://github.com/django-settings/django-settings
