Thanks for those pointers. I think I'll have to try using something
like csrf_exempt().

The reason is, I'm working with an API (It's for a voice application),
and the API works as follows.
You create an app, that among other things, is able to take apart the
"session" data that is initially posted
to it.

The flow of control goes like this:
- User calls a certain number on the phone
- That number, being associated with your app, calls a POST request to
be issued to your app
- Your app can optionally unpack that session data, if it needs pieces
of it

So you see, the POST is coming from outside of my control. It is
coming from the app engine, which is a
third party known and trusted by me. I don't think I can impose any
restrictions on them, such as including a special token or cookie that
I designate.

But I guess that raises the issue of how am I protecting my app from
being maliciously attacked by someone other than the third party app
engine I trust? Hmm, food for thought.

Ted Gilchrist

On May 23, 10:49 pm, Gabriel Gunderson <g...@gundy.org> wrote:
> On Mon, May 23, 2011 at 8:04 PM, egilchri <egilc...@gmail.com> wrote:
> > I am really new to Django. I've set up an Apache server with
> > mod_wsgi, and Django, and I've hit what is probably a common
> > roadblock.
>
> Welcome. Hope you enjoy your time spent with Django!
>
> > When I use "curl" to invoke a url using GET, it works just fine. But
> > when I invoke it using POST, I get a 403 error:
>
> > curl http://web1.tunnlr.com:xxxxx/wsgi-scripts/index.json # works
> > fine, creates JSON
> > curl -X POST http://web1.tunnlr.com:xxxx/wsgi-scripts/index.json #
> > produces a 403 error
>
> 403 is 'Forbidden' and I think it might have something to do with this:
>
> http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
>
> It's a good thing :) It's trying to make the Internet a safer place
> --starting with your site.
>
> > I need to get this working because I am constructing an app that
> > returns JSON. However, this app is set up to be invoked by an app engine
> > that will be POSTing to it. Right now, I see from that app engine's
> > logs that it is getting back a 404, just like my "curl" test.
>
> Now, before you said 403... Did you really mean 404?  That would
> change my reply.
>
> Best,
> Gabe

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.