Re: CSRF with AJAX problem

2011-09-30 Thread Yaşar Arabacı
To create csrf cookie without using csrf tag, your view needs to be decorated with django.views.decorators.csrf.ensure_csrf_cookie. Also check: https://code.djangoproject.com/ticket/16936 2011/9/30 Kenneth Love > You're using AJAX and forms incorrectly, then. Any form

Re: CSRF with AJAX problem

2011-09-30 Thread Kenneth Love
You're using AJAX and forms incorrectly, then. Any form that has a solid effect on your database (creating, replacing, or deleting data) should be POSTed and should have CSRF token. Look into pydanny's django-uni-form project (http://readthedocs.org/ docs/dango-uni-form/en/latest/) for creating

Re: CSRF with AJAX problem

2011-09-29 Thread galgal
Yes I have. It returns null if no cookie. -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/Y4TMZ5p-XYgJ. To post to this group, send email to

Re: CSRF with AJAX problem

2011-09-29 Thread Javier Guerra Giraldez
On Thu, Sep 29, 2011 at 7:15 PM, galgal wrote: > Yes, but that JavaScript code is useless until {% csrf_token %} or get_token > is used. I don't use POST forms - only AJAX forms so I don't have that > cookie made after page load. have you read it? -- Javier -- You

Re: CSRF with AJAX problem

2011-09-29 Thread galgal
Yes, but that JavaScript code is useless until {% csrf_token %} or get_token is used. I don't use POST forms - only AJAX forms so I don't have that cookie made after page load. -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this

Re: CSRF with AJAX problem

2011-09-29 Thread Javier Guerra Giraldez
On Thu, Sep 29, 2011 at 6:23 PM, galgal wrote: > How can I make that cookie without using csrf tag? right there in the code sample you quoted: xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); where getCookie() is defined as: function getCookie(name)

CSRF with AJAX problem

2011-09-29 Thread galgal
I have a problem/bug found? in AJAX with CSRF. I don't use {% csrf_token %} at all. I use only AJAX forms so - there is no cookie set for csrf. In taht case - https://docs.djangoproject.com/en/1.3/ref/contrib/csrf/#ajax is useless :( I can use get_token to generate it, but I have to put it in