If for whatever reason you are using django 1.3, you need to ensure the csrf token generated in the view is passed through unicode. eg unicode(csrf(request)['csrf_token'])
On Apr 23, 6:04 pm, Luther Goh Lu Feng <elf...@yahoo.com> wrote: > I have managed to resolve the issue. This only works on phonegap, > chrome 20 but not on desktop safari 5.1.5. > > General strategy: > - Make an ajax OPTIONS call tohttp://foo > - Generate the csrf token and return it in the success callback > - Extract the csrf token > - In the success callback do the ajax post, and set the request header > with the csrf token using xhr.setRequestHeader("X-CSRFToken", token) > - In the middleware you will need to enable CORS and accept the > csrftoken headder > > Desktop safari seemed to fail as it was unable to return the cookie in > the ajax post call > > This is in django 1.4 and with the view decorators: > > @ensure_csrf_cookie > @require_http_methods(["OPTIONS", "POST"]) > > On Apr 22, 2:57 am, Luther Goh Lu Feng <elf...@yahoo.com> wrote: > > > > > > > > > I am running a website on local host (my mac, ip 127.0.0.1) and my > > django dev server on a VM (some other ip eg. 192.168.56.1). > > > I load up the local host website, which 'emulates' the mobile app that > > I will build using phonegap. I am issuing ajax requests from the > > website to the django application residing in the VM. > > > The views that the requests are routed to are not csrf exempt. As > > such, I issue a get request on the local website to try and obtain the > > csrf token: > > > $.get('http://127.0.0.1:8000/login') > > > In the response headers, the following is returned: > > Set-Cookie:csrftoken=82c34b2495ad0c7f8a5fed67ca9a21bd; expires=Sat, 20- > > Apr-2013 05:20:20 GMT; Max-Age=31449600; Path=/ > > > However, this is unfortunately not found in document.cookie. > > > I would like to ask for advice on how I can get around this problems. > > > Thanks in advance, > > > Luther -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
