To create the CSRF cookie without using the csrf tag, your view needs to be
decorated with django.views.decorators.csrf.ensure_csrf_cookie. Also check:
https://code.djangoproject.com/ticket/16936

2011/9/30 Kenneth Love <kennethl...@gmail.com>

> You're using AJAX and forms incorrectly, then. Any form that has a
> solid effect on your database (creating, replacing, or deleting data)
> should be POSTed and should have a CSRF token.
>
> Look into pydanny's django-uni-form project
> (http://readthedocs.org/docs/dango-uni-form/en/latest/) for creating your
> forms. It'll create
> the CSRF token for you if you set the form method to POST (again, as
> it should be). Then, in your AJAX function that submits the form,
> submit the key & value of the CSRF token field to the endpoint. Now
> you have AJAX forms that are still safe and sane.
>
> On Sep 29, 5:15 pm, galgal <weglarek.rob...@gmail.com> wrote:
> > Yes, but that JavaScript code is useless until {% csrf_token %} or get_token
> > is used. I don't use POST forms - only AJAX forms so I don't have that
> > cookie made after page load.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>


-- 
http://yasar.serveblog.net/
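
The client-side half of the flow discussed in this thread, as an added example that is not part of the original messages: it attaches the token only when the `csrftoken` cookie exists, which is the cookie a view decorated with `ensure_csrf_cookie` sets. `csrftoken` and `X-CSRFToken` are Django's default names; the function names, origin and cookie strings are constructed for illustration.

```javascript
// Added example: decide which CSRF header an AJAX request should carry.
// 'csrftoken' / 'X-CSRFToken' are Django's default cookie and header names.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf('=');
    // Compare the full cookie name so 'token' never matches 'csrftoken'.
    if (eq > 0 && trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Build the extra headers for an AJAX request.
// In a browser: csrfHeaders(method, url, location.origin, document.cookie).
function csrfHeaders(method, targetUrl, pageOrigin, cookieString) {
  // Safe methods do not change state and need no token.
  if (SAFE_METHODS.has(method.toUpperCase())) return {};
  // Never send the token to another origin.
  const url = new URL(targetUrl, pageOrigin);
  if (url.origin !== new URL(pageOrigin).origin) return {};
  const token = getCookie(cookieString, 'csrftoken');
  if (!token) {
    // The case raised in the thread: no view has set the cookie yet,
    // so the server would reject this request.
    throw new Error('csrftoken cookie missing: the page view did not set it');
  }
  return { 'X-CSRFToken': token };
}

// Constructed sample values.
const ORIGIN = 'https://app.example';
const WITH_COOKIE = 'sessionid=abc; csrftoken=constructed-token-123';
const NO_COOKIE = 'sessionid=abc';

console.log(csrfHeaders('POST', '/api/items/', ORIGIN, WITH_COOKIE));
```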
