Hi all,

I am facing a really weird issue with CSRF token handling in Django 1.3. Until now I was using 1.2 and my views were working fine with AJAX POST requests by setting the X-CSRFToken. I upgraded to Django 1.3 and cleared all the cookies in my browser, and I see that no csrftoken cookie is being set, thus breaking my views.

To debug this I looked into the Django sources and I see that when one of my views, which is called using POST, is called, the CSRF token is generated and put inside request.META['CSRF_COOKIE'], but there are other static files referred to inside the view which are called using GET, and I see that the CSRF token is regenerated even for GET calls. Hence the csrf_token set (using {% csrf_token %}) in one of my templates no longer matches what is contained in request.META['CSRF_COOKIE']. Moreover, I tried to use {% csrf_token %} because the csrftoken cookie is not being found/set in the browser cookies. I am not sure what is causing this. Please help.

In django.middleware.csrf.py: CsrfViewMiddleware: process_response I have put the following prints:

    def process_response(self, request, response):
        if getattr(response, 'csrf_processing_done', False):
            return response
        # debug prints added here
        print 'CSRF_COOKIE is ', request.META.get('CSRF_COOKIE')
        print 'CSRF_COOKIE_USED is ', request.META.get('CSRF_COOKIE_USED')
        print 'CSRF_COOKIE_DOMAIN is ', request.META.get('CSRF_COOKIE_DOMAIN')

and the output from the Django development server is:

    CSRF_COOKIE is  131b312f5978ae7b80dcebce32a8d71f
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:50] "POST / HTTP/1.1" 200 18881
    CSRF_COOKIE is  dbba1a4cc2089723019c26d250bcaf22
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:53] "GET /static/css/base.css HTTP/1.1" 200 8527
    CSRF_COOKIE is  bd14b0b3d4acfc4d5e0581beb6c693af
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:53] "GET /static/css/redmond/jquery-ui-1.8.10.custom.css HTTP/1.1" 200 34080
    CSRF_COOKIE is  6c5b8e37943bb61e494fb619a0a4c4a9
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:53] "GET /static/js/jquery-1.5.1.js HTTP/1.1" 200 216840
    CSRF_COOKIE is  3b158fc50ee44bb222b8001301270916
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:54] "GET /static/js/jquery-ui-1.8.10.custom.min.js HTTP/1.1" 200 207380
    CSRF_COOKIE is  c9fbacd13a07019d8d656fba079439d4
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:54] "GET /static/js/json.min.js HTTP/1.1" 200 1257
    CSRF_COOKIE is  6f9409363d14c7bc565e7f6436650149
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:54] "GET /static/css/prettyPhoto.css HTTP/1.1" 200 27294
    CSRF_COOKIE is  ff323f081ece38d56734c96b9ecddace
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:54] "GET /static/js/jquery.prettyPhoto.js HTTP/1.1" 200 34052
    CSRF_COOKIE is  790fa3e999201cadafcaefe84505dd35
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:54] "GET /static/js/index.js HTTP/1.1" 200 3681
    CSRF_COOKIE is  c5762ae986e245f6da30879f1df15180
    CSRF_COOKIE_USED is  None
    CSRF_COOKIE_DOMAIN is  None
    [21/Jun/2011 05:50:54] "GET /static/js/base.js HTTP/1.1" 200 2579

Thanks & Regards,
Divkis01
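
Added example, not part of the original post and not Django's own code: a simplified Python 3 model of how CsrfViewMiddleware decides whether to send the csrftoken cookie, replayed over a request sequence like the one in the output above. The Request class, browse() and PATHS are constructed for illustration; the model assumes the cookie is only sent when get_token() was called during the request, which is what sets CSRF_COOKIE_USED.

```python
import secrets

CSRF_COOKIE_NAME = "csrftoken"  # Django's default cookie name

class Request:
    """Constructed stand-in for HttpRequest: only COOKIES and META."""
    def __init__(self, cookies=None):
        self.COOKIES = dict(cookies or {})
        self.META = {}

def process_view(request):
    """Reuse the token from the incoming cookie, or mint one if there is none."""
    token = request.COOKIES.get(CSRF_COOKIE_NAME)
    request.META["CSRF_COOKIE"] = token or secrets.token_hex(16)

def get_token(request):
    """Called when a template or view actually asks for the token."""
    request.META["CSRF_COOKIE_USED"] = True
    return request.META["CSRF_COOKIE"]

def process_response(request):
    """Return the cookies to set: the CSRF cookie only if the token was used."""
    if not request.META.get("CSRF_COOKIE_USED", False):
        return {}
    return {CSRF_COOKIE_NAME: request.META["CSRF_COOKIE"]}

def browse(paths, paths_using_token):
    """Replay requests through one cookie jar; rows are (path, token, cookie_set)."""
    jar, trace = {}, []
    for path in paths:
        request = Request(jar)
        process_view(request)
        if path in paths_using_token:
            get_token(request)
        set_cookies = process_response(request)
        jar.update(set_cookies)
        trace.append((path, request.META["CSRF_COOKIE"], bool(set_cookies)))
    return jar, trace

# Constructed request sequence modelled on the dev-server output in the post.
PATHS = ["/", "/static/css/base.css", "/static/js/base.js"]

if __name__ == "__main__":
    for label, used in (("token never used", set()), ("'/' uses token", {"/"})):
        jar, trace = browse(PATHS, used)
        print(label, "-> cookie jar:", jar)
        for row in trace:
            print("   ", row)
```

In the first run no request marks the token as used, so the jar stays empty and every request gets a fresh token, as in the posted output; in the second run the cookie is set on "/" and the same token is reused afterwards.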