How does the cookie get set initially? If you just make one login request,
is it the first OPTIONS pre-flight that sets the cookie or is it ok to be
null until you successfully log in?

On Sunday, June 15, 2014 3:14:21 PM UTC-4, Andréas Kühne wrote:
>
> Hi Jesse,
>
> I can't remember where I saw it, but I found that the csrf token is added 
> as a cookie to the response, so it is always present on each response. In 
> my code I have an event handler (I'm using jquery to post) that looks like 
> the following:
>
>     $(document).ajaxSend(function (event, jqxhr, settings) {
>         jqxhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
>     });
>
> So I just get the value of the cookie 'csrftoken' and add it to the 
> request header.
>
> You should be able to do the same (however I don't know Dart).
>
> I don't think you should get the csrf token from another request, because
> that should change (if I understand this correctly). Try getting the
> cookie, and ONLY adding it to the request header of your request, and not
> to the form.
>
> Regards,
>
> Andréas
>
>
> 2014-06-15 20:57 GMT+02:00 Jesse Warden <[email protected]>:
>
>> Yes, I've added the token in the cookie. Yes, I've added the cookie in 
>> the form post variable. Yes, I've added as a GET post variable. Yes, I've 
>> tried adding as a POST variable. Yes, I've set it to what the server sends 
>> back. Yes, I've set it to what the server-side sends back as a Cookie.
>>
>> ... none of it works.
>>
>> On Sunday, June 15, 2014 1:03:06 PM UTC-4, Renato Oliveira wrote:
>>>
>>> Since you've been trying for so long, this may be an obvious answer, but
>>> have you tried with this?
>>>
>>> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
>>>
>>>  Renato Oliveira
>>> @_renatooliveira <http://twitter.com/_renatooliveira>
>>> Labcodes - www.labcodes.com.br
>>>
>>>  
>>>
>>> On Sun, Jun 15, 2014 at 11:38 AM, Jesse Warden <[email protected]> 
>>> wrote:
>>>
>>>> I've read the stack overflow posts, blog articles on how CSRF works,
>>>> etc, but still failing to get this to work in both JavaScript and Dart. No
>>>> matter what I try, I keep getting a 403 for my login method. I've attempted
>>>> various Apache/Virtual Host programs for Mac to run a local domain in hopes
>>>> it was just a localhost or browser security problem, all to no avail. I
>>>> used to be able to disable web security on Chrome, but that doesn't seem to
>>>> work anymore.
>>>>
>>>> Client Code:
>>>> https://github.com/JesterXL/workoutlogger/blob/master/client/WorkoutLoggerDartAngular2/web/com/jessewarden/workoutlogger/login/GetTokenService.dart
>>>>
>>>> https://github.com/JesterXL/workoutlogger/blob/master/client/WorkoutLoggerDartAngular2/web/com/jessewarden/workoutlogger/login/LoginService.dart
>>>>
>>>> Server Code:
>>>> https://github.com/JesterXL/workoutlogger/blob/master/server/workoutlogger/workoutapi/views.py
>>>>
>>>> HTTP Responses:
>>>> https://gist.github.com/JesterXL/b7fb18f30e80e0156c98
>>>> https://gist.github.com/JesterXL/9c148016911622dfee66
>>>> https://gist.github.com/JesterXL/8cfd28edf6aebfe1afd4
>>>>
>>>> Thanks if you can help! 
>>>>
>>>> -- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "Django users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to [email protected].
>>>> To post to this group, send email to [email protected].
>>>> Visit this group at http://groups.google.com/group/django-users.
>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>> msgid/django-users/8aa70895-afc4-41f7-865b-46fba033fff1%
>>>> 40googlegroups.com 
>>>> <https://groups.google.com/d/msgid/django-users/8aa70895-afc4-41f7-865b-46fba033fff1%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>
>
>

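The pattern Andréas describes, written out without jQuery as an added example (not code from the thread or from Django): read `csrftoken` from the cookie string and attach it as `X-CSRFToken` only for same-origin, state-changing requests, and report the case where the cookie has not been set yet. The function names, URLs and cookie strings are constructed for illustration.

```javascript
// Added example; names and sample values are hypothetical, not from the thread.

// Parse one cookie out of a document.cookie-style string ("a=1; b=2").
// The name must match exactly, so "xcsrftoken" is not mistaken for "csrftoken".
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf("=");
    if (eq > 0 && trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Django's CSRF middleware does not check these methods, so they need no token.
// This includes the OPTIONS pre-flight a browser sends on its own.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Resolve the target against the page URL and compare origins
// (scheme + host + port). The token must never leave the page's origin.
function sameOrigin(url, pageUrl) {
  return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
}

// Decide which CSRF header, if any, to add to a request.
// request: { method, url }; cookieString: what document.cookie returns on the page.
function csrfHeadersFor(request, cookieString, pageUrl) {
  if (csrfSafeMethod(request.method)) {
    return { headers: {}, reason: "safe-method" };
  }
  if (!sameOrigin(request.url, pageUrl)) {
    // A cookie set by another origin is not visible in this page's
    // document.cookie, and the token should not be sent to a foreign host.
    return { headers: {}, reason: "cross-origin" };
  }
  const token = getCookie(cookieString, "csrftoken");
  if (token === null) {
    // No cookie yet: a same-origin response that sets it has to come first,
    // e.g. a GET to a view decorated with Django's ensure_csrf_cookie.
    return { headers: {}, reason: "no-cookie" };
  }
  return { headers: { "X-CSRFToken": token }, reason: "attached" };
}
```

In a browser, pass `document.cookie` and `window.location.href` as the last two arguments and copy the returned headers onto the outgoing request.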