On Jun 21, 4:54 pm, Daniel Roseman <dan...@roseman.org.uk> wrote:
> On Tuesday, 21 June 2011 12:17:26 UTC+1, Divkis wrote:
>
> > Hi all,
> > I am facing some really weird issue with csrf token handling
> > in django 1.3. Until now I was using 1.2 and my views were working
> > fine with ajax post requests by setting the X-CSRFToken. I upgraded to
> > django 1.3 and cleared all the cookies in my browser and I see that no
> > csrftoken cookie is being set and thus breaking my views.
>
> > To debug this I looked into django sources and I see that when one of my
> > views is called which is called using post, the csrf token is
> > generated and put inside request.META['CSRF_COOKIE'] but there are
> > other static files referred inside the view which are called using GET
> > but I see that the csrf token is regenerated even for GET calls. Hence
> > the csrf_token set (using {% csrf_token %}) in one of my templates no
> > longer matches with what is contained in request.META['CSRF_COOKIE'].
> > Moreover I tried to use {% csrf_token %} because the csrftoken cookie
> > is not being found/set in browser cookie.
>
> > I am not sure what is causing this. Please help.
>
> When you upgrade versions, you should always be sure to read the release
> notes. In this case, the notes point out that there has been a
> backwards-incompatible change on CSRF in Ajax requests, and point to the
> updated documentation, which you should read, as it explains exactly how to
> get a CSRF token for use in Ajax.
> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax

Yeah, I did read the updated documentation but I did not find anything that seems to point to a backward-incompatible change w.r.t. 1.2. Maybe I have overlooked something. Please point me to the right section in the documentation. Moreover, it does not explain why a GET request seems to change the request.META['CSRF_COOKIE'].

Thanks & Regards,
DivKis01