I have managed to resolve the issue. This only works on PhoneGap,
Chrome 20 but not on desktop Safari 5.1.5.

General strategy:
- Make an ajax OPTIONS call to http://foo
- Generate the csrf token and return it in the success callback
- Extract the csrf token
- In the success callback do the ajax post, and set the request header
with the csrf token using xhr.setRequestHeader("X-CSRFToken", token)
- In the middleware you will need to enable CORS and accept the
csrftoken header

Desktop Safari seemed to fail as it was unable to return the cookie in
the ajax post call.

This is in Django 1.4 and with the view decorators:

@ensure_csrf_cookie
@require_http_methods(["OPTIONS", "POST"])

On Apr 22, 2:57 am, Luther Goh Lu Feng <elf...@yahoo.com> wrote:
> I am running a website on local host (my mac, ip 127.0.0.1) and my
> django dev server on a VM (some other ip eg. 192.168.56.1).
>
> I load up the local host website, which 'emulates' the mobile app that
> I will build using phonegap. I am issuing ajax requests from the
> website to the django application residing in the VM.
>
> The views that the requests are routed to are not csrf exempt. As
> such, I issue a get request on the local website to try and obtain the
> csrf token:
>
> $.get('http://127.0.0.1:8000/login')
>
> In the response headers, the following is returned:
> Set-Cookie:csrftoken=82c34b2495ad0c7f8a5fed67ca9a21bd; expires=Sat, 20-Apr-2013 05:20:20 GMT; Max-Age=31449600; Path=/
>
> However, this is unfortunately not found in document.cookie.
>
> I would like to ask for advice on how I can get around this problem.
>
> Thanks in advance,
>
> Luther
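
The CORS step in the strategy above (enable CORS and accept the X-CSRFToken header), as an added example that is not part of the original message or of Django: a framework-free Python sketch of the header decision such a middleware makes, for both the browser's preflight and the explicit OPTIONS/POST calls. The origin `http://app.example`, the allowlists and the function name are assumptions for illustration.

```python
# Added example: the CORS decision a middleware would make for this flow.
# All names and values below are hypothetical, not Django's API.
ALLOWED_ORIGINS = {"http://app.example"}   # constructed: origin of the page making the ajax calls
ALLOWED_METHODS = {"OPTIONS", "POST"}      # mirrors require_http_methods on the view
ALLOWED_HEADERS = {"x-csrftoken", "content-type"}


def cors_response_headers(method, request_headers):
    """Return the CORS headers to attach to the response, or {} to attach none."""
    h = {k.lower(): v for k, v in request_headers.items()}
    origin = h.get("origin")
    if origin not in ALLOWED_ORIGINS:
        return {}  # unknown origin: no CORS headers, so the browser blocks the read

    out = {
        # Echo the vetted origin; browsers reject "*" on credentialed requests.
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",  # lets the csrftoken cookie travel
        "Vary": "Origin",  # caches must not reuse this response for another origin
    }
    # A browser preflight is an OPTIONS request carrying Access-Control-Request-Method.
    # The explicit OPTIONS call from the strategy above does not carry it.
    if method == "OPTIONS" and "access-control-request-method" in h:
        wanted_method = h["access-control-request-method"].upper()
        wanted_headers = {
            name.strip().lower()
            for name in h.get("access-control-request-headers", "").split(",")
            if name.strip()
        }
        if wanted_method not in ALLOWED_METHODS or not wanted_headers <= ALLOWED_HEADERS:
            return {}  # preflight asks for something outside the allowlist
        out["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
        out["Access-Control-Allow-Headers"] = "X-CSRFToken, Content-Type"
    return out
```

On the client side the ajax calls also need `xhrFields: {withCredentials: true}` for the cookie to be sent cross-origin.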
