Hi Chris,
You will have to pass csrf token in http request header while making
request using AJAX
This can be done by adding following prior to your ajax request.
var csrftoken = $.cookie('csrftoken');
$.ajaxSetup({
headers: { "X-CSRFToken": csrftoken }
});
On Saturday, May 21, 2016 at 7:06:15 AM UTC+5:30, Chris Troutner wrote:
>
> Hey all,
>
> This is my first time posting to the group. I'm working with Bob Hagan
> <https://github.com/bhaugen> on the Network Resource Planning (NRP)
> project <https://github.com/valnet/valuenetwork>. The platform runs on
> Django and he's been using the REST API app to open up ports to some of the
> pieces of the software. Right now we're working on an interface for
> creating new users, which requires the passing of a CSRF token for
> authentication. I'm having a heck of a time and we can't figure out if the
> issue is something set up on the server or on my front end code. I'm hoping
> that the issue might be obvious to someone here.
>
> First of all, you can access the Django API code in the repository code
> here:
> https://github.com/valnet/valuenetwork/tree/master/valuenetwork/api
>
> My front end code is written in JavaScript can be viewed in it's own
> repository here:
>
> https://github.com/christroutner/rpiovn/blob/unstable/public/js/app/views/NRPUsersView.js
>
> This video gives a visual overview of the user interface and the general
> issues I'm experiencing:
> https://youtu.be/vaYCLmsi_hM
>
>
> NRPUsersView.js is a Backbone.js View file. If that doesn't mean anything
> to you, that's OK. The important thing to notice is the three different
> ways I tried to access the API.
>
> 1. I use JavaScript to fill out an HTML form. This is currently the
> only way that works at the moment.
>
> 2. A typical AJAX POST submission
>
> 3. A JavaScript Virtual Form using the FormData object.
>
> Method 3 should be identical to method 1 as far as the server is
> concerned, but the HTTP headers are slightly different. Like I said,
> methods 2 and 3 are not working out. I've tweaked the code every which way
> and I always get a "403 FORBIDDEN Authentication credentials were not
> provided" message.
>
> According to this Django documentation
> <https://docs.djangoproject.com/en/1.8/ref/csrf/#ajax>, there are three
> possible locations to put the CSRF token:
>
> 1. In the document.cookie
>
> 2. In the HTTP header preceded by "X-CSRFToken"
>
> 3. And a hidden input field in the form
>
>
> I've tried every combination of the three options for passing the CSRF
> token and haven't had any luck.
>
>
> Has anyone had experience implementing this type of API authentication
> with Django before? Any help you can provide would be appreciated.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/d67a586f-61e4-4806-a0ac-c76cb3b96f1b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
