Yeah, thanks a lot. Now I preferred to work with CSRF.

On Wed, Oct 10, 2012 at 2:24 AM, Bill Freeman <ke1g...@gmail.com> wrote:
> If you can't disable the middleware, you could consider marking the
> view with the csrf_exempt decorator from django.views.decorators.csrf
> (see https://docs/djangoproject.com/en/1.4/contrib/csrf/#utilities )
>
> Bill
>
> On Sun, Oct 7, 2012 at 3:41 AM, Laxmikant Gurnalkar
> <laxmikant.gurnal...@gmail.com> wrote:
> > Thanks for the response.
> > I had a problem like this:
> > I was trying to create a store site which can work without the Django
> > framework but using Django, i.e. just a static template index.html & a
> > JavaScript file, with all the stuff dynamically generated & only URLs by
> > Django, so that anybody can use my index.html, which just calls my server
> > for the URL to display dynamic content using the user's information.
> > So for this purpose I had cookies residing in my browser and I was trying
> > to create database objects using JavaScript with API URLs.
> >
> > When I studied CSRF in detail, I understood that private dynamic
> > JavaScript cookies cannot be directly used to retrieve or access the
> > database related to your site. Hence, my JavaScript was considered by
> > Django as malicious/attack content and it threw a 403 Forbidden error. So
> > I was trying to remove CSRF from my project, but failed, due to the same
> > reason as you guys have told me.
> > So on understanding CSRF I just removed the cookie code & just added
> > parameters to the URL just before the user refreshes the page. And the
> > whole thing worked. That was a great experience.
> >
> > Anyways,
> > Plz tell me if I can hv any other method to do this. Adding parameters to
> > the URL is definitely not always secure.
> >
> > One more thing: I am using csrf_exempt to handle API views.
> >
> > Thanks a lot again.
> >
> > On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman <ke1g...@gmail.com> wrote:
> >>
> >> Right you are.
> >>
> >> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland <clell...@gmail.com> wrote:
> >> >
> >> > On Friday, October 5, 2012, Bill Freeman wrote:
> >> >>
> >> >> I believe that I read somewhere that newer Djangos force the CSRF
> >> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
> >> >
> >> > You might be thinking of the CSRF context processor, which is always
> >> > enabled, no matter what is in settings. Even the most recent docs don't
> >> > say anything about forcing the middleware.
> >> >>
> >> >> You could dive into the middleware code to see how this happens, and
> >> >> come up with a stable strategy to circumvent it. Or you could just
> >> >> fix the necessary views and templates. There is, after all, a chance
> >> >> that you will want to be able to upgrade this site without jumping
> >> >> through hoops.
> >> >>
> >> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
> >> >> <laxmikant.gurnal...@gmail.com> wrote:
> >> >> > Hi, Guys
> >> >> >
> >> >> > Disabling CSRF is not working.
> >> >> > These are my middlewares. Removed {% csrf_token %} from all templates.
> >> >> >
> >> >> > MIDDLEWARE_CLASSES = (
> >> >> >     'django.middleware.common.CommonMiddleware',
> >> >> >     'django.contrib.sessions.middleware.SessionMiddleware',
> >> >> >     # 'django.middleware.csrf.CsrfViewMiddleware',
> >> >> >     'django.contrib.auth.middleware.AuthenticationMiddleware',
> >> >> >     # 'django.contrib.messages.middleware.MessageMiddleware',
> >> >> >     # 'django.middleware.csrf.CsrfResponseMiddleware',
> >> >> >     # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
> >> >> > )
> >> >> >
> >> >> >
> >> >> > Also tried by writing disablecsrf.py like this:
> >> >> >
> >> >> > class DisableCSRF(object):
> >> >> >     def process_request(self, request):
> >> >> >         """
> >> >> >         """
> >> >> >         setattr(request, '_dont_enforce_csrf_checks', True)
> >> >> >
> >> >> >
> >> >> > Thanks in Advance!!!
> >> >> >
> >> >> > Laxmikant
> >> >> >
> >> >> > --
> >> >> > You received this message because you are subscribed to the Google
> >> >> > Groups "Django users" group.
> >> >> > To post to this group, send email to django-users@googlegroups.com.
> >> >> > To unsubscribe from this group, send email to
> >> >> > django-users+unsubscr...@googlegroups.com.
> >> >> > For more options, visit this group at
> >> >> > http://groups.google.com/group/django-users?hl=en.
> >> >
> >> > --
> >> > Regards,
> >> > Ian Clelland
> >> > <clell...@gmail.com>
> >
> > --
> > GlxGuru

--
*GlxGuru*
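
An added example, not part of the original thread: one way a same-origin JavaScript client can pass Django's CSRF check without csrf_exempt or URL parameters is to copy the csrftoken cookie into the X-CSRFToken request header. It assumes Django's default cookie and header names; the endpoint path and origin in the usage comment are constructed.

```javascript
// Added example (not from the thread). Assumes Django defaults: the CSRF
// cookie is named "csrftoken" and CsrfViewMiddleware accepts the token in
// the "X-CSRFToken" request header.

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract one cookie value from a document.cookie-style string.
// Exact name match only, so "xcsrftoken" is never mistaken for "csrftoken".
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf("=");
    if (eq > 0 && trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// True when url resolves to the same scheme, host and port as pageOrigin.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Build headers for an API call. The token is attached only to
// state-changing, same-origin requests, so it is never sent to other sites.
function csrfHeaders(method, url, cookieString, pageOrigin) {
  const headers = { "Content-Type": "application/json" };
  if (SAFE_METHODS.has(method.toUpperCase())) return headers;
  if (!isSameOrigin(url, pageOrigin)) return headers;
  const token = getCookie(cookieString, "csrftoken");
  if (token === null) {
    throw new Error("csrftoken cookie is not set for this origin");
  }
  headers["X-CSRFToken"] = token;
  return headers;
}

// Browser usage (constructed endpoint path):
// fetch("/api/orders/", { method: "POST", credentials: "same-origin",
//   headers: csrfHeaders("POST", "/api/orders/", document.cookie, location.origin),
//   body: JSON.stringify({ item: 1 }) });
```

With this in place the API views can keep CSRF protection enabled, because the server compares the header value against the cookie that only same-origin script can read.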