Perhaps it's expecting XML in the request and trying to parse your POST data (which is not XML)?
_Nik On Jul 6, 2012, at 6:03 AM, Jeff Silverman wrote: > Ok Nik. I have removed the CSRF middleware and get a brand new error. > > XMLSyntaxError at /hello/ > error parsing attribute name, line 1, column 6Request Method: POST > Request URL: http://piadm42.troweprice.com:5555/hello/ > Django Version: 1.3.1 > Exception Type: XMLSyntaxError > Exception Value: error parsing attribute name, line 1, column 6 > Exception Location: /usr/lib/python2.6/site-packages/ > soaplib-2.0.0_beta1-py2.6.egg/soaplib/core/_base.py in > _parse_xml_string, line 248 > Python Executable: /usr/bin/python > Python Version: 2.6.6 > > The POST in fiddler is something like this -> http://mysite.com:5555/hello/ > and the request body contains -> <name=fred×=2> > > > > On Jul 5, 10:35 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org> > wrote: >> Yes, I would expect a 403 when the CSRF middleware is active, the >> decorator is not used, and no CSRF token is provided. This is the >> intended behavior. You can fix this in a few ways: >> >> 1. Apply the decorator to the __call__ method (rather than to the class >> itself). If I understand how this code works, that should correctly >> disable CSRF for the view. >> 2. Provide a CSRF value with the POST data, as you suggested. This all >> depends on how the request is made. Django's CSRF system relies on a >> CSRF value set in a cookie. You have to mimic a browsers cookie >> functionality, then use the value of the CSRF cookie with evey >> request you make. By default, the cookie name is 'csrftoken'. For >> more info on the CSRF process: >> https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/ >> 3. Disable CSRF altogether. Simply remove the CsrfViewMiddleware from >> your settings and you're good to go. >> >> _Nik >> >> On 7/5/2012 6:22 PM, Jeff Silverman wrote: >> >> >> >>> Nik, if I remove the csrf decorator and leave the middleware in place, >>> I get the 403. Is there a way to add the token on the POST command, >>> or is there another way of leaving the middleware in place, but turn >>> off csrf without using the decorator? >> >>> On Thursday, July 5, 2012 8:33:51 PM UTC-4, Jeff Silverman wrote: >> >>> Nik, I will give that a try. The reason for the decorator was >>> that I was getting 403 forbidden, and the decorator made that one >>> go away. If I remove the csrf from the settings file, will that >>> solve that problem? >> >>> On Tuesday, July 3, 2012 9:32:20 AM UTC-4, Jeff Silverman wrote: >> >>> Below is the code from the views.py >> >>> The 405 is retunred from the 'return super(DjangoSoapApp, >>> self).__init__(Application(services, tns))' statement. I am >>> using >>> python 2.6, soaplib20 and django 1.3. I am struggling to >>> understand >>> what exactly is wrong here. >> >>> class HelloWorldService(DefinitionBase): >>> @soap(String,Integer,_returns=Array(String)) >>> def say_smello(self,name,times): >>> results = [] >>> for i in range(0,times): >>> results.append('Hello, %s'%name) >>> return results >> >>> class DjangoSoapApp(WSGIApplication): >>> csrf_exempt = True >> >>> def __init__(self, services, tns): >>> """Create Django view for given SOAP soaplib services and >>> tns""" >> >>> return super(DjangoSoapApp, >>> self).__init__(Application(services, tns)) >> >>> def __call__(self, request): >>> django_response = HttpResponse() >> >>> def start_response(status, headers): >>> django_response.status_code = int(status.split(' >>> ', 1)[0]) >>> for header, value in headers: >>> django_response[header] = value >> >>> response = super(DjangoSoapApp, >>> self).__call__(request.META, >>> start_response) >>> django_response.content = '\n'.join(response) >> >>> return django_response >> >>> # the view to use in urls.py >>> hello_world_service = DjangoSoapApp([HelloWorldService], >>> '__name__') >> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django users" group. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msg/django-users/-/WpDQ4UjGEQwJ. >>> To post to this group, send email to django-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> django-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/django-users?hl=en.- Hide quoted text - >> >> - Show quoted text - > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
