subject:"Re\: Disabling CSRF is not working."

Re: Disabling CSRF is not working.

2012-10-09 Thread Laxmikant Gurnalkar

Yeah, Thanks a lot. now I preferred to work with CSRF.

On Wed, Oct 10, 2012 at 2:24 AM, Bill Freeman  wrote:

> If you can't disable the middleware, you could consider marking the
> view with the csrf_exempt decorator from django.views.decorators.csrf
> (see https://docs/djangoproject.com/en/1.4/contrib/csrf/#utilities
>
> Bill
>
> On Sun, Oct 7, 2012 at 3:41 AM, Laxmikant Gurnalkar
>  wrote:
> > Thanks, for the response.
> > I had a problem like this
> >I was trying to create a  storesite which can be worked without django
> > framework but using django. i.e just static template index.html & a
> > java-script file. With all the stuff dynamically generated & only urls by
> > the django, so that anybody can use my index.html, just calls my server
> for
> > the url to display dynamic content using users information.
> > so for this purpose I had a cookies resided in my browser and I was
> trying
> > to create database objecst using javascript with api urls.
> >
> > When I studied CSRF in detail, I understood that, private dynamic
> > javascript cookies cannot be directly used to  retrieve or access the
> > database related to your site. Hence, my javascript was considered by
> django
> > as a malicious/attack content and thrown a 403 forbidden error. So I was
> > trying to remove the CSRF from my project. But Failed. Due to the same
> > reason as you guys have told me.
> > So on understanding CSRF  just removed code of cookies & just added
> > parameters to url just before when user refreshes the page. And whole
> thing
> > worked.  That was the Great  experience.
> >
> > anyways,
> > Plz tell me if I can hv any other method to do this. adding parameters to
> > url is definitely not secure always.
> >
> > One more thing I am using csrf_exempt to handle api views.
> >
> > Thanks a lot again.
> >
> > On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman  wrote:
> >>
> >> Right you are.
> >>
> >> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland 
> wrote:
> >> >
> >> >
> >> > On Friday, October 5, 2012, Bill Freeman wrote:
> >> >>
> >> >> I believe that I read somewhere that newer Djangos force the CSRF
> >> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
> >> >
> >> >
> >> > You might be thinking of the CSRF context processor, which is always
> >> > enabled, no matter what is in settings. Even the most recent docs
> don't
> >> > say
> >> > anything about forcing the middleware.
> >> >>
> >> >>
> >> >> You could dive into the middleware code to see how this happens, and
> >> >> come up with a stable strategy to circumvent it.  Or you could just
> >> >> fix the necessary views and templates.  There is, after all, a chance
> >> >> that you will want to be able to upgrade this site without jumping
> >> >> through hoops.
> >> >>
> >> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
> >> >>  wrote:
> >> >> > Hi, Guys
> >> >> >
> >> >> > Disabling CSRF is not working.
> >> >> > These are my midlewares., Removed {% csrf_token %} all templates.
> >> >> >
> >> >> > MIDDLEWARE_CLASSES = (
> >> >> > 'django.middleware.common.CommonMiddleware',
> >> >> > 'django.contrib.sessions.middleware.SessionMiddleware',
> >> >> ># 'django.middleware.csrf.CsrfViewMiddleware',
> >> >> > 'django.contrib.auth.middleware.AuthenticationMiddleware',
> >> >> > #'django.contrib.messages.middleware.MessageMiddleware',
> >> >> > #'django.middleware.csrf.CsrfResponseMiddleware',
> >> >> > # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
> >> >> > )
> >> >> >
> >> >> >
> >> >> > Also tried by writing disablecsrf.py like this :
> >> >> >
> >> >> > class DisableCSRF(object):
> >> >> > def process_request(self, request):
> >> >> > """
> >> >> > """
> >> >> > setattr(request, '_dont_enforce_csrf_checks', True)
> >> >> >
> >> >> >
> >> >> > Thanks in Advance!!!
> >> >> >
> >> >> > Laxmikant
> >> >> >
> >> >> > --
> >> >> > You received this message because you are subscribed to the Google
> >> >> > Groups
> >> >> > "Django users" group.
> >> >> > To post to this group, send email to django-users@googlegroups.com
> .
> >> >> > To unsubscribe from this group, send email to
> >> >> > django-users+unsubscr...@googlegroups.com.
> >> >> > For more options, visit this group at
> >> >> > http://groups.google.com/group/django-users?hl=en.
> >> >>
> >> >> --
> >> >> You received this message because you are subscribed to the Google
> >> >> Groups
> >> >> "Django users" group.
> >> >> To post to this group, send email to django-users@googlegroups.com.
> >> >> To unsubscribe from this group, send email to
> >> >> django-users+unsubscr...@googlegroups.com.
> >> >> For more options, visit this group at
> >> >> http://groups.google.com/group/django-users?hl=en.
> >> >>
> >> >
> >> >
> >> > --
> >> > Regards,
> >> > Ian Clelland
> >> > 
> >> >
> >> > --
> >> > You

Re: Disabling CSRF is not working.

2012-10-09 Thread Bill Freeman

If you can't disable the middleware, you could consider marking the
view with the csrf_exempt decorator from django.views.decorators.csrf
(see https://docs/djangoproject.com/en/1.4/contrib/csrf/#utilities

Bill

On Sun, Oct 7, 2012 at 3:41 AM, Laxmikant Gurnalkar
 wrote:
> Thanks, for the response.
> I had a problem like this
>I was trying to create a  storesite which can be worked without django
> framework but using django. i.e just static template index.html & a
> java-script file. With all the stuff dynamically generated & only urls by
> the django, so that anybody can use my index.html, just calls my server for
> the url to display dynamic content using users information.
> so for this purpose I had a cookies resided in my browser and I was trying
> to create database objecst using javascript with api urls.
>
> When I studied CSRF in detail, I understood that, private dynamic
> javascript cookies cannot be directly used to  retrieve or access the
> database related to your site. Hence, my javascript was considered by django
> as a malicious/attack content and thrown a 403 forbidden error. So I was
> trying to remove the CSRF from my project. But Failed. Due to the same
> reason as you guys have told me.
> So on understanding CSRF  just removed code of cookies & just added
> parameters to url just before when user refreshes the page. And whole thing
> worked.  That was the Great  experience.
>
> anyways,
> Plz tell me if I can hv any other method to do this. adding parameters to
> url is definitely not secure always.
>
> One more thing I am using csrf_exempt to handle api views.
>
> Thanks a lot again.
>
> On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman  wrote:
>>
>> Right you are.
>>
>> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland  wrote:
>> >
>> >
>> > On Friday, October 5, 2012, Bill Freeman wrote:
>> >>
>> >> I believe that I read somewhere that newer Djangos force the CSRF
>> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
>> >
>> >
>> > You might be thinking of the CSRF context processor, which is always
>> > enabled, no matter what is in settings. Even the most recent docs don't
>> > say
>> > anything about forcing the middleware.
>> >>
>> >>
>> >> You could dive into the middleware code to see how this happens, and
>> >> come up with a stable strategy to circumvent it.  Or you could just
>> >> fix the necessary views and templates.  There is, after all, a chance
>> >> that you will want to be able to upgrade this site without jumping
>> >> through hoops.
>> >>
>> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
>> >>  wrote:
>> >> > Hi, Guys
>> >> >
>> >> > Disabling CSRF is not working.
>> >> > These are my midlewares., Removed {% csrf_token %} all templates.
>> >> >
>> >> > MIDDLEWARE_CLASSES = (
>> >> > 'django.middleware.common.CommonMiddleware',
>> >> > 'django.contrib.sessions.middleware.SessionMiddleware',
>> >> ># 'django.middleware.csrf.CsrfViewMiddleware',
>> >> > 'django.contrib.auth.middleware.AuthenticationMiddleware',
>> >> > #'django.contrib.messages.middleware.MessageMiddleware',
>> >> > #'django.middleware.csrf.CsrfResponseMiddleware',
>> >> > # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
>> >> > )
>> >> >
>> >> >
>> >> > Also tried by writing disablecsrf.py like this :
>> >> >
>> >> > class DisableCSRF(object):
>> >> > def process_request(self, request):
>> >> > """
>> >> > """
>> >> > setattr(request, '_dont_enforce_csrf_checks', True)
>> >> >
>> >> >
>> >> > Thanks in Advance!!!
>> >> >
>> >> > Laxmikant
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "Django users" group.
>> >> > To post to this group, send email to django-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > django-users+unsubscr...@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/django-users?hl=en.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> >> Groups
>> >> "Django users" group.
>> >> To post to this group, send email to django-users@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> >> django-users+unsubscr...@googlegroups.com.
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/django-users?hl=en.
>> >>
>> >
>> >
>> > --
>> > Regards,
>> > Ian Clelland
>> > 
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Django users" group.
>> > To post to this group, send email to django-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > django-users+unsubscr...@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/django-users?hl=en.
>>
>> --
>>

Re: Disabling CSRF is not working.

2012-10-08 Thread Kurtis Mullins

Another solution would be to simply work with the CSRF Protection. It's not
really that hard, even when using Javascript. There's even a good, simple
example of using JQuery with it in the official documentation.

On Sun, Oct 7, 2012 at 3:41 AM, Laxmikant Gurnalkar <
laxmikant.gurnal...@gmail.com> wrote:

> Thanks, for the response.
> I had a problem like this
>I was trying to create a  storesite which can be worked without django
> framework but using django. i.e just static template index.html &
> a java-script file. With all the stuff dynamically generated & only urls by
> the django, so that anybody can use my index.html, just calls my server for
> the url to display dynamic content using users information.
> so for this purpose I had a cookies resided in my browser and I was trying
> to create database objecst using javascript with api urls.
>
> When I studied CSRF in detail, I understood that, *private dynamic
>  javascript cookies *cannot be directly used to  retrieve or access the
> database related to your site. Hence, my javascript was considered by
> django as a *malicious/attack *content and thrown a 403 forbidden error.
> So I was trying to remove the CSRF from my project. But* Failed. Due to
> the same reason as you guys have told me.*
> *So on understanding CSRF  just removed code of cookies & just added
> parameters to url just before when user refreshes the page. And whole thing
> worked.  That was the Great  experience.*
> *
> *
> *anyways,*
> *Plz tell me if I can hv any other method to do this. adding parameters
> to url is definitely not secure always.*
> *
> *
> *One more thing I am using csrf_exempt to handle api views.*
> *
> *
> *Thanks a lot again.*
> *
> *
> On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman  wrote:
>
>> Right you are.
>>
>> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland  wrote:
>> >
>> >
>> > On Friday, October 5, 2012, Bill Freeman wrote:
>> >>
>> >> I believe that I read somewhere that newer Djangos force the CSRF
>> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
>> >
>> >
>> > You might be thinking of the CSRF context processor, which is always
>> > enabled, no matter what is in settings. Even the most recent docs don't
>> say
>> > anything about forcing the middleware.
>> >>
>> >>
>> >> You could dive into the middleware code to see how this happens, and
>> >> come up with a stable strategy to circumvent it.  Or you could just
>> >> fix the necessary views and templates.  There is, after all, a chance
>> >> that you will want to be able to upgrade this site without jumping
>> >> through hoops.
>> >>
>> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
>> >>  wrote:
>> >> > Hi, Guys
>> >> >
>> >> > Disabling CSRF is not working.
>> >> > These are my midlewares., Removed {% csrf_token %} all templates.
>> >> >
>> >> > MIDDLEWARE_CLASSES = (
>> >> > 'django.middleware.common.CommonMiddleware',
>> >> > 'django.contrib.sessions.middleware.SessionMiddleware',
>> >> ># 'django.middleware.csrf.CsrfViewMiddleware',
>> >> > 'django.contrib.auth.middleware.AuthenticationMiddleware',
>> >> > #'django.contrib.messages.middleware.MessageMiddleware',
>> >> > #'django.middleware.csrf.CsrfResponseMiddleware',
>> >> > # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
>> >> > )
>> >> >
>> >> >
>> >> > Also tried by writing disablecsrf.py like this :
>> >> >
>> >> > class DisableCSRF(object):
>> >> > def process_request(self, request):
>> >> > """
>> >> > """
>> >> > setattr(request, '_dont_enforce_csrf_checks', True)
>> >> >
>> >> >
>> >> > Thanks in Advance!!!
>> >> >
>> >> > Laxmikant
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "Django users" group.
>> >> > To post to this group, send email to django-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > django-users+unsubscr...@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/django-users?hl=en.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> Groups
>> >> "Django users" group.
>> >> To post to this group, send email to django-users@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> >> django-users+unsubscr...@googlegroups.com.
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/django-users?hl=en.
>> >>
>> >
>> >
>> > --
>> > Regards,
>> > Ian Clelland
>> > 
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "Django users" group.
>> > To post to this group, send email to django-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > django-users+unsubscr...@googlegroups.com.
>> > For more options, visit this group at
>> >

Re: Disabling CSRF is not working.

2012-10-07 Thread Laxmikant Gurnalkar

Thanks, for the response.
I had a problem like this
   I was trying to create a  storesite which can be worked without django
framework but using django. i.e just static template index.html &
a java-script file. With all the stuff dynamically generated & only urls by
the django, so that anybody can use my index.html, just calls my server for
the url to display dynamic content using users information.
so for this purpose I had a cookies resided in my browser and I was trying
to create database objecst using javascript with api urls.

When I studied CSRF in detail, I understood that, *private dynamic
 javascript cookies *cannot be directly used to  retrieve or access the
database related to your site. Hence, my javascript was considered by
django as a *malicious/attack *content and thrown a 403 forbidden error. So
I was trying to remove the CSRF from my project. But* Failed. Due to the
same reason as you guys have told me.*
*So on understanding CSRF  just removed code of cookies & just added
parameters to url just before when user refreshes the page. And whole thing
worked.  That was the Great  experience.*
*
*
*anyways,*
*Plz tell me if I can hv any other method to do this. adding parameters to
url is definitely not secure always.*
*
*
*One more thing I am using csrf_exempt to handle api views.*
*
*
*Thanks a lot again.*
*
*
On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman  wrote:

> Right you are.
>
> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland  wrote:
> >
> >
> > On Friday, October 5, 2012, Bill Freeman wrote:
> >>
> >> I believe that I read somewhere that newer Djangos force the CSRF
> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
> >
> >
> > You might be thinking of the CSRF context processor, which is always
> > enabled, no matter what is in settings. Even the most recent docs don't
> say
> > anything about forcing the middleware.
> >>
> >>
> >> You could dive into the middleware code to see how this happens, and
> >> come up with a stable strategy to circumvent it.  Or you could just
> >> fix the necessary views and templates.  There is, after all, a chance
> >> that you will want to be able to upgrade this site without jumping
> >> through hoops.
> >>
> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
> >>  wrote:
> >> > Hi, Guys
> >> >
> >> > Disabling CSRF is not working.
> >> > These are my midlewares., Removed {% csrf_token %} all templates.
> >> >
> >> > MIDDLEWARE_CLASSES = (
> >> > 'django.middleware.common.CommonMiddleware',
> >> > 'django.contrib.sessions.middleware.SessionMiddleware',
> >> ># 'django.middleware.csrf.CsrfViewMiddleware',
> >> > 'django.contrib.auth.middleware.AuthenticationMiddleware',
> >> > #'django.contrib.messages.middleware.MessageMiddleware',
> >> > #'django.middleware.csrf.CsrfResponseMiddleware',
> >> > # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
> >> > )
> >> >
> >> >
> >> > Also tried by writing disablecsrf.py like this :
> >> >
> >> > class DisableCSRF(object):
> >> > def process_request(self, request):
> >> > """
> >> > """
> >> > setattr(request, '_dont_enforce_csrf_checks', True)
> >> >
> >> >
> >> > Thanks in Advance!!!
> >> >
> >> > Laxmikant
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups
> >> > "Django users" group.
> >> > To post to this group, send email to django-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > django-users+unsubscr...@googlegroups.com.
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/django-users?hl=en.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Django users" group.
> >> To post to this group, send email to django-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> django-users+unsubscr...@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/django-users?hl=en.
> >>
> >
> >
> > --
> > Regards,
> > Ian Clelland
> > 
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/django-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>


-- 
*

 GlxGuru

*

-- 
You received this message because you are

Re: Disabling CSRF is not working.

2012-10-05 Thread Bill Freeman

Right you are.

On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland  wrote:
>
>
> On Friday, October 5, 2012, Bill Freeman wrote:
>>
>> I believe that I read somewhere that newer Djangos force the CSRF
>> middleware even if it's not listed in MIDDLEWARE_CLASSES.
>
>
> You might be thinking of the CSRF context processor, which is always
> enabled, no matter what is in settings. Even the most recent docs don't say
> anything about forcing the middleware.
>>
>>
>> You could dive into the middleware code to see how this happens, and
>> come up with a stable strategy to circumvent it.  Or you could just
>> fix the necessary views and templates.  There is, after all, a chance
>> that you will want to be able to upgrade this site without jumping
>> through hoops.
>>
>> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
>>  wrote:
>> > Hi, Guys
>> >
>> > Disabling CSRF is not working.
>> > These are my midlewares., Removed {% csrf_token %} all templates.
>> >
>> > MIDDLEWARE_CLASSES = (
>> > 'django.middleware.common.CommonMiddleware',
>> > 'django.contrib.sessions.middleware.SessionMiddleware',
>> ># 'django.middleware.csrf.CsrfViewMiddleware',
>> > 'django.contrib.auth.middleware.AuthenticationMiddleware',
>> > #'django.contrib.messages.middleware.MessageMiddleware',
>> > #'django.middleware.csrf.CsrfResponseMiddleware',
>> > # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
>> > )
>> >
>> >
>> > Also tried by writing disablecsrf.py like this :
>> >
>> > class DisableCSRF(object):
>> > def process_request(self, request):
>> > """
>> > """
>> > setattr(request, '_dont_enforce_csrf_checks', True)
>> >
>> >
>> > Thanks in Advance!!!
>> >
>> > Laxmikant
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Django users" group.
>> > To post to this group, send email to django-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > django-users+unsubscr...@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/django-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To post to this group, send email to django-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> django-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>
>
> --
> Regards,
> Ian Clelland
> 
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Disabling CSRF is not working.

2012-10-05 Thread Ian Clelland

On Friday, October 5, 2012, Bill Freeman wrote:

> I believe that I read somewhere that newer Djangos force the CSRF
> middleware even if it's not listed in MIDDLEWARE_CLASSES.


You might be thinking of the CSRF context processor, which is always
enabled, no matter what is in settings. Even the most recent docs don't say
anything about forcing the middleware.

>
> You could dive into the middleware code to see how this happens, and
> come up with a stable strategy to circumvent it.  Or you could just
> fix the necessary views and templates.  There is, after all, a chance
> that you will want to be able to upgrade this site without jumping
> through hoops.
>
> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
> > wrote:
> > Hi, Guys
> >
> > Disabling CSRF is not working.
> > These are my midlewares., Removed {% csrf_token %} all templates.
> >
> > MIDDLEWARE_CLASSES = (
> > 'django.middleware.common.CommonMiddleware',
> > 'django.contrib.sessions.middleware.SessionMiddleware',
> ># 'django.middleware.csrf.CsrfViewMiddleware',
> > 'django.contrib.auth.middleware.AuthenticationMiddleware',
> > #'django.contrib.messages.middleware.MessageMiddleware',
> > #'django.middleware.csrf.CsrfResponseMiddleware',
> > # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
> > )
> >
> >
> > Also tried by writing disablecsrf.py like this :
> >
> > class DisableCSRF(object):
> > def process_request(self, request):
> > """
> > """
> > setattr(request, '_dont_enforce_csrf_checks', True)
> >
> >
> > Thanks in Advance!!!
> >
> > Laxmikant
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to 
> > django-users@googlegroups.com
> .
> > To unsubscribe from this group, send email to
> > django-users+unsubscr...@googlegroups.com .
> > For more options, visit this group at
> > http://groups.google.com/group/django-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to 
> django-users@googlegroups.com
> .
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
Regards,
Ian Clelland


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Disabling CSRF is not working.

2012-10-05 Thread Bill Freeman

I believe that I read somewhere that newer Djangos force the CSRF
middleware even if it's not listed in MIDDLEWARE_CLASSES.

You could dive into the middleware code to see how this happens, and
come up with a stable strategy to circumvent it.  Or you could just
fix the necessary views and templates.  There is, after all, a chance
that you will want to be able to upgrade this site without jumping
through hoops.

On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
 wrote:
> Hi, Guys
>
> Disabling CSRF is not working.
> These are my midlewares., Removed {% csrf_token %} all templates.
>
> MIDDLEWARE_CLASSES = (
> 'django.middleware.common.CommonMiddleware',
> 'django.contrib.sessions.middleware.SessionMiddleware',
># 'django.middleware.csrf.CsrfViewMiddleware',
> 'django.contrib.auth.middleware.AuthenticationMiddleware',
> #'django.contrib.messages.middleware.MessageMiddleware',
> #'django.middleware.csrf.CsrfResponseMiddleware',
> # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
> )
>
>
> Also tried by writing disablecsrf.py like this :
>
> class DisableCSRF(object):
> def process_request(self, request):
> """
> """
> setattr(request, '_dont_enforce_csrf_checks', True)
>
>
> Thanks in Advance!!!
>
> Laxmikant
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Disabling CSRF is not working.

Re: Disabling CSRF is not working.

Re: Disabling CSRF is not working.

Re: Disabling CSRF is not working.

Re: Disabling CSRF is not working.

Re: Disabling CSRF is not working.

Re: Disabling CSRF is not working.

7 matches

Site Navigation

Mail list logo

Footer information