To create csrf cookie without using csrf tag, your view needs to be decorated with django.views.decorators.csrf.ensure_csrf_cookie. Also check: https://code.djangoproject.com/ticket/16936
2011/9/30 Kenneth Love <kennethl...@gmail.com> > You're using AJAX and forms incorrectly, then. Any form that has a > solid effect on your database (creating, replacing, or deleting data) > should be POSTed and should have CSRF token. > > Look into pydanny's django-uni-form project (http://readthedocs.org/ > docs/dango-uni-form/en/latest/) for creating your forms. It'll create > the CSRF token for you if you set the form method to POST (again, as > it should be). Then, in your AJAX function that submits the form, > submit the key & value of the CSRF token field to the endpoint. Now > you have AJAX forms that are still safe and sane. > > On Sep 29, 5:15 pm, galgal <weglarek.rob...@gmail.com> wrote: > > Yes, but that JavaScript code is useless until {% csrf_token %} or > get_token > > is used. I don't use POST forms - only AJAX forms so I don't have that > > cookie made after page load. > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- http://yasar.serveblog.net/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.