On Tuesday, 21 June 2011 12:17:26 UTC+1, Divkis wrote:
>
> Hi all,
> I am facing some really weird issue with csrf token handling
> in django 1.3. Until now I was using 1.2 and my views were working
> fine with ajax post requests by setting the X-CSRFToken. I upgraded to
> django1.3 and cleared all the cookies in my browser and I see that no
> csrftoken cookie is being set and thus breaking my views.
>
> To debug this I looked into django sources and I see that when one of my
> views is called which is called using post, the csrf token is
> generated and put inside request.META['CSRF_COOKIE'] but there are
> other static files referred inside the view which are called using GET
> but I see that the csrf token is regenerated even for GET calls. Hence
> the csrf_token set (using {% csrf_token %}) in one of my templates no
> longer matches with what is contained in request.META['CSRF_COOKIE'].
> Moreover I tried to use {% csrf_token %} because the csrftoken cookie
> is not being found/set in browser cookie.
>
> I am not sure what is causing this. Please help.
>

When you upgrade versions, you should always be sure to read the release notes. In this case, the notes point out that there has been a backwards-incompatible change on CSRF in Ajax requests, and point to the updated documentation, which you should read, as it explains exactly how to get a CSRF token for use in Ajax.

https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax

--
DR.
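Added example, not part of the original thread and not Django's own documentation code: a client-side sketch of the pattern discussed above, reading the `csrftoken` cookie and sending it as `X-CSRFToken` on Ajax requests. The cookie and header names come from the thread; the function names and sample values are assumptions.

```javascript
// Added example; function names are illustrative, not from the thread.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract one cookie value from a document.cookie-style string.
// The name must match exactly, so "xcsrftoken" never shadows "csrftoken".
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf("=");
    if (eq > 0 && trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// True only when the target resolves to the page's own origin.
function isSameOrigin(targetUrl, pageUrl) {
  try {
    return new URL(targetUrl, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable URL: treat as cross-origin
  }
}

// Headers to add to an Ajax request. The token is attached only to
// state-changing, same-origin requests so it is never sent to another site.
function csrfHeaders(method, targetUrl, pageUrl, cookieString) {
  if (SAFE_METHODS.has(method.toUpperCase())) return {};
  if (!isSameOrigin(targetUrl, pageUrl)) return {};
  const token = getCookie(cookieString, "csrftoken");
  if (token === null) {
    // The symptom reported in the thread: no cookie was ever set.
    throw new Error("csrftoken cookie missing; the POST would be rejected");
  }
  return { "X-CSRFToken": token };
}

// Browser usage: csrfHeaders("POST", url, location.href, document.cookie)
```

Failing loudly when the cookie is absent makes the situation in the original question visible in the browser console instead of surfacing only as a rejected POST.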