How does the cookie get set initially? If you just make one login request, is it the first OPTIONS pre-flight that sets the cookie or is it ok to be null until you successfully log in?
On Sunday, June 15, 2014 3:14:21 PM UTC-4, Andréas Kühne wrote:
>
> Hi Jesse,
>
> I can't remember where I saw it, but I found that the csrf token is added
> as a cookie to the response, so it is always present on each response. In
> my code I have an event handler (I'm using jquery to post) that looks like
> the following:
>
> $(document).ajaxSend(function (event, jqxhr, settings) {
>     jqxhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
> });
>
> So I just get the value of the cookie 'csrftoken' and add it to the
> request header.
>
> You should be able to do the same (however I don't know dart).
>
> I don't think you should get the csrf token from another request, because
> that should change (if I understand this correctly). Try getting the
> cookie, and ONLY adding it to the request header of your request, and not
> to the form.
>
> Regards,
>
> Andréas
>
>
> 2014-06-15 20:57 GMT+02:00 Jesse Warden <jesse....@gmail.com>:
>
>> Yes, I've added the token in the cookie. Yes, I've added the cookie in
>> the form post variable. Yes, I've added as a GET post variable. Yes, I've
>> tried adding as a POST variable. Yes, I've set it to what the server sends
>> back. Yes, I've set it to what the server-side sends back as a Cookie.
>>
>> ... none of it works.
>>
>> On Sunday, June 15, 2014 1:03:06 PM UTC-4, Renato Oliveira wrote:
>>>
>>> Since you've been trying for so long, may be an obvious answer, but have
>>> you tried with this?
>>>
>>> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
>>>
>>> Renato Oliveira
>>> @_renatooliveira <http://twitter.com/_renatooliveira>
>>> Labcodes - www.labcodes.com.br
>>>
>>> On Sun, Jun 15, 2014 at 11:38 AM, Jesse Warden <jesse....@gmail.com>
>>> wrote:
>>>
>>>> I've read the stack overflow posts, blog articles on how CSRF works,
>>>> etc, but still failing to get this to work in both JavaScript and Dart. No
>>>> matter what I try, I keep getting a 403 for my login method.
>>>> I've attempted various Apache/Virtual Host programs for Mac to run a
>>>> local domain in hopes it was just a localhost or browser security
>>>> problem, all to no avail. I used to be able to disable web security on
>>>> Chrome, but that doesn't seem to work anymore.
>>>>
>>>> Client Code:
>>>> https://github.com/JesterXL/workoutlogger/blob/master/client/WorkoutLoggerDartAngular2/web/com/jessewarden/workoutlogger/login/GetTokenService.dart
>>>>
>>>> https://github.com/JesterXL/workoutlogger/blob/master/client/WorkoutLoggerDartAngular2/web/com/jessewarden/workoutlogger/login/LoginService.dart
>>>>
>>>> Server Code:
>>>> https://github.com/JesterXL/workoutlogger/blob/master/server/workoutlogger/workoutapi/views.py
>>>>
>>>> HTTP Responses:
>>>> https://gist.github.com/JesterXL/b7fb18f30e80e0156c98
>>>> https://gist.github.com/JesterXL/9c148016911622dfee66
>>>> https://gist.github.com/JesterXL/8cfd28edf6aebfe1afd4
>>>>
>>>> Thanks if you can help!
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Django users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to django-users...@googlegroups.com.
>>>> To post to this group, send email to django...@googlegroups.com.
>>>> Visit this group at http://groups.google.com/group/django-users.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/django-users/8aa70895-afc4-41f7-865b-46fba033fff1%40googlegroups.com.
>>>> For more options, visit https://groups.google.com/d/optout.
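
The header-only approach from Andréas's reply, as an added example that is not part of the thread: it reads the `csrftoken` cookie and attaches `X-CSRFToken` only to unsafe, same-origin requests, and reports when no cookie is present yet. The function names, the sample cookie string and the example.test origin are constructed for illustration.

```javascript
// Added example, not code from the thread. Function names are hypothetical;
// the cookie name 'csrftoken' and header 'X-CSRFToken' come from the reply above.

// Methods that do not change state and therefore need no CSRF token.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf("=");
    if (eq === -1) continue;
    // Exact name match, so 'xcsrftoken' is never mistaken for 'csrftoken'.
    if (trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// True when `url` resolves to the same scheme, host and port as the page.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Decide which CSRF header, if any, to attach to a request.
function csrfHeaderFor(method, url, cookieString, pageOrigin) {
  if (SAFE_METHODS.has(method.toUpperCase())) {
    return { headers: {}, reason: "safe-method" };
  }
  // Never send the token to another origin, where it could be logged or reused.
  if (!isSameOrigin(url, pageOrigin)) {
    return { headers: {}, reason: "cross-origin" };
  }
  const token = getCookie(cookieString, "csrftoken");
  if (!token) return { headers: {}, reason: "no-cookie" };
  return { headers: { "X-CSRFToken": token }, reason: "attached" };
}

// Constructed sample values.
const cookies = "sessionid=abc123; csrftoken=Zm9vYmFy%3D";
const origin = "https://app.example.test";
console.log(csrfHeaderFor("POST", "/api/login/", cookies, origin));
console.log(csrfHeaderFor("POST", "https://other.example.test/x", cookies, origin));
```

In a browser, pass `document.cookie` and `window.location.origin` as the last two arguments.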