> I found this thread today as I have come across the same problem.
>
> I did find a solution that seems to work OK and I'd like to post
> it and get some feedback.
>
> ......
>
The thing with your solution is that if the user happens to come through another page than the home page, he won't get the CSRF token. To solve this, you'd have to let Django serve all HTML pages. Even if I'd want that, I couldn't because we also have PHP pages on the site.

I've ditched Dajaxice entirely, wrote my own little JavaScript and some Python (about 50 LoC) to handle Ajax requests. I can now use a GET when I don't need a POST, so CSRF is not an issue for me anymore :).

Another thing you could maybe do is retrieve a CSRF token through a GET request, and use that for your POSTs.

Kind regards,
Vincent
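The last suggestion in the message above (fetch a CSRF token with a GET, then send it with each POST), sketched as an added example that is not part of the original post and is not Django's own code: a simplified double-submit model in plain Python. The `/csrf-token/` URL and the function names are hypothetical; the cookie and header names are Django's defaults.

```python
import hmac
import secrets

CSRF_COOKIE = "csrftoken"      # cookie name (Django's default)
CSRF_HEADER = "X-CSRFToken"    # header name (Django's default)


def issue_token(cookies):
    """GET /csrf-token/ (hypothetical URL): safe method, no state change.

    Reuses the visitor's existing token or mints one, and returns
    (cookies to set, JSON body) so any page can fetch it first.
    """
    token = cookies.get(CSRF_COOKIE) or secrets.token_urlsafe(32)
    return {CSRF_COOKIE: token}, {"csrfToken": token}


def check_post(cookies, headers):
    """POST handler guard: the header must echo the cookie value."""
    cookie = cookies.get(CSRF_COOKIE, "")
    header = headers.get(CSRF_HEADER, "")
    if not cookie or not header:
        return False
    # Constant-time compare so the check does not leak the token by timing.
    return hmac.compare_digest(cookie.encode(), header.encode())


def demo():
    """Constructed exchange: a page not rendered by Django does an Ajax POST."""
    browser_cookies = {}                    # visitor landed on a static/PHP page
    set_cookie, body = issue_token(browser_cookies)
    browser_cookies.update(set_cookie)      # browser stores the cookie
    same_site = check_post(browser_cookies, {CSRF_HEADER: body["csrfToken"]})
    # A forged cross-site form post carries the cookie automatically but
    # cannot read the token, so it has no matching header to send.
    forged = check_post(browser_cookies, {})
    guessed = check_post(browser_cookies, {CSRF_HEADER: "guess"})
    return same_site, forged, guessed


if __name__ == "__main__":
    print(demo())
```

In a Django project the token view would return `django.middleware.csrf.get_token(request)` and `CsrfViewMiddleware` would perform the POST check. The token endpoint has to stay same-origin (no permissive CORS), otherwise other sites could read the token.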

