Re: CSRF Verification fails in production for Cross Domain POST request

2019-04-25 Thread Gil Obradors
When I have problems with csrf and POST, I usually put a
print(request.POST) into a view function, to see what the framework receives
from the client.

Does that help you?


Message from suresh on Thu, 25 Apr 2019 at 8:20:

> The HTTP_X_CSRFTOKEN header does not match what is inside the csrftoken
> cookie.
>
> How can I examine the cookie? Set-Cookie is not displayed in the
> Response header for Cross Domain requests.
>
> I have already followed instructions found in:
>
>
> https://stackoverflow.com/questions/39254562/csrf-with-django-reactredux-using-axios
>
> Interestingly I found "X-CSRFTOKEN" translates to "HTTP_X_CSRFTOKEN" on
> the server request header.
>
> Thanks for any help.
>
> Suresh

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAK-JoTR5wGPvkbHkzcBZELrYL_nGCDbXN3C_SdGPHs4Ci-wOBA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
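
Added example (not part of the original posts and not Django's own code): a stand-alone version of the "see what the server receives" check suggested in the reply above, applied to the header/cookie mismatch in the quoted question. It assumes Django's masked-token format (a 32-character mask followed by the 32-character masked secret), under which two tokens can differ as strings yet carry the same secret; the names meta_key, mask_secret, unmask, well_formed and csrf_report are hypothetical and the sample request is constructed.

```python
import string
from hmac import compare_digest
from http.cookies import SimpleCookie

CHARS = string.ascii_letters + string.digits  # token alphabet (assumed format)
SECRET_LEN = 32  # assumed: masked token = 32-char mask + 32-char masked secret

def meta_key(header_name):
    """WSGI/CGI key for a request header, e.g. X-CSRFTOKEN -> HTTP_X_CSRFTOKEN."""
    return "HTTP_" + header_name.upper().replace("-", "_")

def mask_secret(secret, mask):
    """Build a masked token; used here only to construct sample input."""
    shifted = (CHARS[(CHARS.index(s) + CHARS.index(m)) % len(CHARS)]
               for s, m in zip(secret, mask))
    return mask + "".join(shifted)

def unmask(token):
    """Return the secret inside a masked token; a bare secret passes through."""
    if len(token) == SECRET_LEN:
        return token
    mask, cipher = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(CHARS[(CHARS.index(c) - CHARS.index(m)) % len(CHARS)]
                   for c, m in zip(cipher, mask))

def well_formed(token):
    return (token is not None and len(token) in (SECRET_LEN, 2 * SECRET_LEN)
            and all(ch in CHARS for ch in token))

def csrf_report(environ, header_name="X-CSRFToken", cookie_name="csrftoken"):
    """Report on the CSRF header and cookie as booleans, so no token is logged."""
    header = environ.get(meta_key(header_name))
    jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    cookie = jar[cookie_name].value if cookie_name in jar else None
    report = {"header_present": header is not None,
              "cookie_present": cookie is not None,
              "identical": False, "same_secret": False}
    if well_formed(header) and well_formed(cookie):
        report["identical"] = compare_digest(header, cookie)
        report["same_secret"] = compare_digest(unmask(header), unmask(cookie))
    return report

# Constructed sample: one secret masked twice, sent as header and as cookie.
SECRET = CHARS[:SECRET_LEN]
SAMPLE = {"HTTP_X_CSRFTOKEN": mask_secret(SECRET, "Z" * SECRET_LEN),
          "HTTP_COOKIE": "csrftoken=" + mask_secret(SECRET, "9" * SECRET_LEN)}
print(csrf_report(SAMPLE))
```

In a Django view the same function can be given request.META, which uses these WSGI-style keys.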


CSRF Verification fails in production for Cross Domain POST request

2019-04-25 Thread suresh
The HTTP_X_CSRFTOKEN header does not match what is inside the csrftoken 
cookie.


How can I examine the cookie? Set-Cookie is not displayed in the 
Response header for Cross Domain requests.


I have already followed instructions found in:

https://stackoverflow.com/questions/39254562/csrf-with-django-reactredux-using-axios

Interestingly I found "X-CSRFTOKEN" translates to "HTTP_X_CSRFTOKEN" on 
the server request header.


Thanks for any help.

Suresh



Re: Cross Domain POST Request

2010-10-22 Thread Masklinn
On 2010-10-22, at 11:53 , Viet Nguyen wrote:
> Hi there, I am quite new to Django and have encountered a problem which
> has taken me a lot of time to figure out. As far as I know, Django provides
> some functionality to prevent cross domain AJAX requests.
Last time I checked, Django didn't integrate any ajaxy facilities and let 
developers do whatever they wanted on that front. In fact, Django would be 
quite unable to manage cross-domain xhr requests considering that's a feature 
of JS clients aka your web browser.

> However, using
> jQuery you can specify a callback (JSONP) and could talk and get data
> back from the server. For example:
> 
> $.getJSON('http://127.0.0.1:8000/biotool/prepDownload/login/?user=' +
>           uName + '=' + pWord + '=?',
>     function (data) {
>         if (data != null) {
>             Load.displayPackages(data);
>             window.location = "#_sepa";
>         }
>         else { // request failed
>             var element = document.getElementById("loginError");
>             element.innerHTML = "Could not authenticate with server";
>         }
>     });
Please note that you're not doing what you're talking about at all here. jQuery 
provides built-in facilities for jsonp, namely the 'jsonp' dataType, which can be 
provided as an option to most jQuery ajax calls. But the code above doesn't use 
jsonp; as far as I can tell it uses regular json.

> However, for some cases, when you need to send a large amount of data
> to the server (in JSON format), you may have to use $.post(). This is
> a sample section of code:
> 
> $.ajax({
>     'url': 'http://127.0.0.1:8000/biotool/prepDownload/test/',
>     'type': 'POST',
>     'data': {'rowID': '2', 'taxon': 'aaa'},
>     'success': function (s) {
>         alert(s);
>     }
> });
Again, you're not using jQuery's jsonp facilities here. But in any case, jsonp 
the way it is generally implemented (via 

Cross Domain POST Request

2010-10-22 Thread Viet Nguyen
Hi there, I am quite new to Django and have encountered a problem which
has taken me a lot of time to figure out. As far as I know, Django provides some
functionality to prevent cross domain AJAX requests. However, using
jQuery you can specify a callback (JSONP) and could talk and get data
back from the server. For example:

$.getJSON('http://127.0.0.1:8000/biotool/prepDownload/login/?user=' +
          uName + '=' + pWord + '=?',
    function (data) {
        if (data != null) {
            Load.displayPackages(data);
            window.location = "#_sepa";
        }
        else { // request failed
            var element = document.getElementById("loginError");
            element.innerHTML = "Could not authenticate with server";
        }
    });

However, for some cases, when you need to send a large amount of data
to the server (in JSON format), you may have to use $.post(). This is
a sample section of code:

$.ajax({
    'url': 'http://127.0.0.1:8000/biotool/prepDownload/test/',
    'type': 'POST',
    'data': {'rowID': '2', 'taxon': 'aaa'},
    'success': function (s) {
        alert(s);
    }
});

My views.py:

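from django.http import HttpResponse

def test(request):
    # Dump what Django parsed from the request body and the query string.
    print(request.POST)
    print(request.GET)
    return HttpResponse('test')

The problem is the request.POST is empty. If I set the 'type' to GET: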
the request.GET contains 2 elements which I sent as parameters. I have
searched the web for ages and did not find a solution to this problem.
I can solve the problem using GET, however, the data I sent may be
large and requires some kind of structure. Please help if anybody has
experience with this. There is a user with similar problems:

http://groups.google.com/group/django-users/browse_thread/thread/d01903c1a85f79ed/8573e61b2f8e296d?lnk=gst=external+post+request#8573e61b2f8e296d

I have disabled all CSRF protections just to test this.
P.S.: I have a log in page and some other pages using jQuery to
generate cross domain GET requests and they work fine. The problem
only arises when I use POST.

Thanks,
Viet Nguyen
