Here's my solution, let me know if it's stupid in some way.
In the template file, I have:
1. The standard
<input type="hidden" name="csrf_token" id="csrf_token"
value="$csrf_token()"/>
2. jQuery bit that includes the csrf_token in the params passed in AJAX:
<script>
$$(document).ready(function(){
$$(':checkbox').change(function() {
var isChecked = $$(this).is(":checked") ? 1:0;
$$.ajax({
url: '/spaceship_member_toggle',
type: 'POST',
data: { strID:$$(this).attr("id"), strState:isChecked,
csrf_token:$$('#csrf_token').val() }
});
})
});
</script>
On Friday, November 8, 2013 3:43:03 PM UTC-6, Bill Seitz wrote:
>
> Doing my first try at some AJAX code with web.py.
>
> I render a grid of checkboxes (some on, some off). Then, when any checkbox
> is checked or unchecked, it immediately sends that checkbox ID/status to a
> POST via AJAX.
>
> I have found that, if I leave the `@csrf_protected` line before the `def
> POST(self):` line, the call results in a status=400 error.
>
> Is there some obvious thing I need to do, like have my AJAX call read the
> CSRF cookie and include it in the POST?
>
> As I write this, I guess I have a vector to investigate, but figure if
> someone else already has solved this it beats me banging my head this one
> extra time... :)
>
>
>
--
You received this message because you are subscribed to the Google Groups
"web.py" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/webpy.
For more options, visit https://groups.google.com/groups/opt_out.
