It looks like you're submitting your request via AJAX and using the X-CSRFToken header. It's very possible that one of your proxies isn't forwarding that header correctly. You might try submitting it as an actual form parameter instead.
_Nik

On 10/25/2012 6:01 AM, Stone wrote:
> With Firefox and Firebug I have found that CSRF validation failed.
> My server is running on apache2-2.2.22 and there are two proxies.
> All template files and forms include the csrf_token tag.
>
> On Oct 24, 6:54 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org>
> wrote:
>> It's possible that the CSRF token isn't being sent correctly. As a test,
>> try adding the @csrf_exempt decorator to your view. If you no longer get
>> the 403, then it's a CSRF problem.
>>
>> _Nik
>>
>> On 10/24/2012 6:31 AM, Stone wrote:
>>
>>> My Django application is running on a real server (apache2-2.2.22).
>>> In urls.py is mentioned:
>>> (r'^configSave/$', configSave),
>>> My HTML is below. After pressing on configSave I am receiving an HTTP
>>> 403 error page.
>>> In view.py is mentioned:
>>> def configSave(request):
>>>     configFile={}
>>>     if os.path.isfile(SSO_CONF) != False:
>>>         f = open(SSO_CONF,"r")
>>>         for line in f:
>>>             line = line.strip()
>>>             if re.search('^#',line) != None:
>>>                 '''print 'This is the commentary'''
>>>             else:
>>>                 '''print line'''
>>>                 try:
>>>                     name, value = line.split('=',2)
>>>                     configFile[name]=value
>>>                     print '<%s>%s</%s>' % (name, value, name)
>>>                 except ValueError, err:
>>>                     ''' print 'This is empty row'''
>>>         configFile['SlaveDeactAppl']=configFile['SlaveDeactAppl'].split(',');
>>>         configFile['SlaveDeactScripts']=configFile['SlaveDeactScripts'].split(',');
>>>     configFile={}
>>>     if os.path.isfile(SSO_CONF) != False:
>>>         f = open(SSO_CONF,"r")
>>>         for line in f:
>>>             line = line.strip()
>>>             if re.search('^#',line) != None:
>>>                 '''print 'This is the commentary'''
>>>             else:
>>>                 '''print line'''
>>>                 try:
>>>                     name, value = line.split('=',2)
>>>                     configFile[name]=value
>>>                     print '<%s>%s</%s>' % (name, value, name)
>>>                 except ValueError, err:
>>>                     ''' print 'This is empty row'''
>>>         configFile['SlaveDeactAppl']=configFile['SlaveDeactAppl'].split(',');
>>>         configFile['SlaveDeactScripts']=configFile['SlaveDeactScripts'].split(',');
>>>     c = {}
>>>     c = Context({
>>>         'config':configFile,
>>>         'item':2,
>>>     })
>>>     c.update(csrf(request))
>>>     return render_to_response('config.html',c,context_instance=RequestContext(request))
>>> By the way, how can I quickly define a logging mechanism which can be
>>> used for debugging?
>>> Is my programming approach correct, or is there any other way to
>>> react to the pressing of a button?
>>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>>> {% extends "index.html" %}
>>> {% block content %}
>>> <html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
>>> <script type="text/javascript">
>>> top.helpID="SSO_config";
>>> $(document).ready(function () {
>>>     function sendAjax()
>>>     {
>>>         $(document).ajaxSend(function(event, xhr, settings) {
>>>             function getCookie(name) {
>>>                 var cookieValue = null;
>>>                 if (document.cookie && document.cookie != '') {
>>>                     var cookies = document.cookie.split(';');
>>>                     for (var i = 0; i < cookies.length; i++) {
>>>                         var cookie = jQuery.trim(cookies[i]);
>>>                         if (cookie.substring(0, name.length + 1) == (name + '=')) {
>>>                             cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
>>>                             break;
>>>                         }
>>>                     }
>>>                 }
>>>                 return cookieValue;
>>>             }
>>>             function sameOrigin(url) {
>>>                 var host = document.location.host; // host + port
>>>                 var protocol = document.location.protocol;
>>>                 var sr_origin = '//' + host;
>>>                 var origin = protocol + sr_origin;
>>>                 // Allow absolute or scheme relative URLs to same origin
>>>                 return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||
>>>                     (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||
>>>                     !(/^(\/\/|http:|https:).*/.test(url));
>>>             }
>>>             function safeMethod(method) {
>>>                 return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
>>>             }
>>>             if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
>>>                 xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
>>>             }
>>>         });
>>>     }
>>>     $("#saveCfg").click(function(event){
>>>         sendAjax();
>>>         $.ajax({
>>>             type: "POST",
>>>             url: "/SSO/configSave/",
>>>             dataType: "text",
>>>             success: function(data) {
>>>                 alert(data);
>>>             },
>>>             error: function(xhr,ajaxOptions,thrownError) {
>>>                 alert(xhr.status +" "+xhr.statusText);
>>>                 alert(thrownError);
>>>             }
>>>         });
>>>     });
>>> });
>>> </script>
>>> <body class="bodyClass">
>>> <table class="body_table">
>>>   <tr>
>>>     <th colspan="4" class="thead"><b> IP configuration</b></th>
>>>   </tr>
>>>   <tr>
>>>     <td>Master IP address</td>
>>>     <td>
>>>       <input id="mip" style="width: 100px;" value="{{config.MasterIPAddress}}"/>
>>>     </td>
>>>     <td>Slave IP address</td>
>>>     <td>
>>>       <input id="sip" style="width: 100px;" value="{{config.SlaveIPAddress}}"/>
>>>     </td>
>>>   </tr>
>>>   <tr>
>>>     <td>Master netmask</td>
>>>     <td>
>>>       <input id="mnetmask" style="width: 100px;" value="{{config.MasterIPNetmask}}"/>
>>>     </td>
>>>     <td>Slave netmask</td>
>>>     <td>
>>>       <input id="snetmask" style="width: 100px;" value="{{config.SlaveIPNetmask}}"/>
>>>     </td>
>>>   </tr>
>>>   <tr>
>>>     <td>Master broadcast</td>
>>>     <td>
>>>       <input id="mbroadcast" style="width: 100px;" value="{{config.MasterIPBroadcast}}"/>
>>>     </td>
>>>     <td>Slave broadcast</td>
>>>     <td>
>>>       <input id="sbroadcast" style="width: 100px;" value="{{config.SlaveIPBroadcast}}"/>
>>>     </td>
>>>   </tr>
>>>   <tr>
>>>     <td></td>
>>>     <td></td>
>>>     <td></td>
>>>     <td></td>
>>>   </tr>
>>>   <tr>
>>>     <td>Lancard name</td>
>>>     <td><span id="cardname"></span>{{config.LanCardName}}</td>
>>>     <td>MAC address</td>
>>>     <td><input id="cardmac" value="{{config.LanCardMAC}}"/></td>
>>>   </tr>
>>>   <tr>
>>>     <th colspan="4" class="thead"><b> Configuration parameters</b>
>>>     </th>
>>>   </tr>
>>>   <tr>
>>>     <td>Replication frequency</td>
>>>     <td>
>>>       <select id="freq">
>>>         <option {% if config.MasterBackupFrequency = "daily" %} selected="selected"{% endif %}>daily</option>
>>>         <option {% if config.MasterBackupFrequency = "Monday" %} selected="selected"{% endif %}>Monday</option>
>>>         <option {% if config.MasterBackupFrequency = "Thusday" %} selected="selected"{% endif %}>Thusday</option>
>>>         <option {% if config.MasterBackupFrequency = "Wednesday" %} selected="selected"{% endif %}>Wednesday</option>
>>>         <option {% if config.MasterBackupFrequency = "Thursday" %} selected="selected"{% endif %}>Thursday</option>
>>>         <option {% if config.MasterBackupFrequency = "Friday" %} selected="selected"{% endif %}>Friday</option>
>>>         <option {% if config.MasterBackupFrequency = "Saturday" %} selected="selected"{% endif %}>Saturday</option>
>>>         <option {% if config.MasterBackupFrequency = "Sunday" %} selected="selected"{% endif %}>Sunday</option>
>>>       </select>
>>>     </td>
>>>     <td>Replication time</td>
>>>     <td><input style="width: 40%;" id="backuptime" value="{{config.MasterBackupStartTime}}"/></td>
>>>   </tr>
>>>   <tr>
>>>     <td valign="top">Slave deactivated application</td>
>>>     <td style="width: 20%;"><span id="appl">
>>>       {% for appl in config.SlaveDeactAppl %}
>>>       {{ appl }}<br>
>>>       {% endfor %}
>>>     </span></td>
>>>     <td valign="top">Slave deactivated scripts</td>
>>>     <td style="width: 20%;"><span id="scripts">
>>>       {% for appl in config.SlaveDeactScripts %}
>>>       {{ appl }}<br>
>>>       {% endfor %}
>>>     </span></td>
>>>   </tr>
>>>   <!-- <div id="buttonPanel" style="display: block;">
>>>   <button id="saveTime" class="submitButton ui-state-default ui-corner-all ui-priority-primary">Save replication parameters</button>
>>>   </div> -->
>>>   <tr>
>>>     <th colspan="4" class="thead"><b> Replication parameters</b>
>>>     </th>
>>>   </tr>
>>>   <tr>
>>>     <td>Replication enable</td>
>>>     <td><input type="checkbox" id="replEnable" {% if config.ReplicationEnable = "yes" %}checked="checked"{% endif %}/></td>
>>>     <td>Account used for replication</td>
>>>     <td>
>>>       <select id="account">
>>>         <option {% if config.ReplicationAccount = "engr" %} selected="selected"{% endif %}>engr</option>
>>>         <option {% if config.ReplicationAccount = "root" %} selected="selected"{% endif %}>root</option>
>>>       </select>
>>>     </td>
>>>   </tr>
>>>   <tr>
>>>     <td>ReplicationRetryInterval</td>
>>>     <td><span id="interval">{{config.ReplicationRetryInterval}}</span></td>
>>>     <td>ReplicationRetryCount</td>
>>>     <td><span id="count">{{config.ReplicationRetryCount}}</span></td>
>>>   </tr>
>>>   <tr valign="center" align="center" colspan="4">
>>>     <td colspan="4">
>>>       <input type="button" id="saveCfg" valign="center" class="submitButton ui-state-default ui-corner-all ui-priority-primary" onclick="javascript:location.href='/SSO/configSave/';" style="width:200px;" value="Save complete settings"/>
>>>     </td>
>>>   </tr>
>>> </table>
>>> </body>
>>> </html>
>>> {% endblock %}
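
The suggestion at the top of this thread, sending the token as a form parameter instead of relying only on the X-CSRFToken header, as an added example that is not part of the original messages. Django's CSRF middleware reads the `csrfmiddlewaretoken` POST field before falling back to the header, so a request built this way still validates when a proxy drops the header. `buildCsrfRequest` is a hypothetical helper, and the `MasterIPAddress` field name is assumed from the template's config keys.

```javascript
// Added example, not code from the thread. Pure helpers: run in Node or a browser.

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  if (!cookieString) return null;
  for (const part of cookieString.split(';')) {
    const cookie = part.trim();
    if (cookie.startsWith(name + '=')) {
      return decodeURIComponent(cookie.substring(name.length + 1));
    }
  }
  return null;
}

// Methods Django's CSRF check does not apply to.
function safeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Build a request that carries the token twice: as the csrfmiddlewaretoken
// form field (survives a proxy that strips custom headers) and as the
// X-CSRFToken header. Field names passed in `fields` are the caller's own.
function buildCsrfRequest(method, fields, cookieString) {
  const headers = {};
  const params = new URLSearchParams(fields);
  if (!safeMethod(method)) {
    const token = getCookie(cookieString, 'csrftoken');
    if (token === null) {
      // Fail on the client instead of sending a POST that will return 403.
      throw new Error('csrftoken cookie is missing');
    }
    params.set('csrfmiddlewaretoken', token);
    headers['X-CSRFToken'] = token;
    headers['Content-Type'] = 'application/x-www-form-urlencoded';
  }
  return { method: method.toUpperCase(), headers: headers, body: params.toString() };
}
```

In the page's jQuery call, the returned `body` would be passed as the `data` option of `$.ajax`, with `document.cookie` as the cookie string.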