On Sat, May 21, 2016 at 08:55:04AM -0700, Chris Troutner wrote: > Yep, no luck. I got the cookie plugin integrated, but it didn't make any > difference. The problem isn't with the *retrieval* of the CSRF token, it's > with the *submission*. > > If you bring up this code: > https://github.com/christroutner/rpiovn/blob/unstable/public/js/app/views/NRPUsersView.js > > And scroll down to the approveUser function, you can see a section marked > in comments labeled VIRTUAL FORM. I'm doing to same > xhr.setRequestHeader('X-CSRFToken', > csrftoken); instruction in Francois' example. The POST submission still > results in a 403 Forbidden error.
Hi Chris, Could you perhaps post the full error message you receive with the 403 error? The one you posted in the initial post seems to indicate it's not a CSRF error at all... On Fri, May 20, 2016 at 06:34:42PM -0700, Chris Troutner wrote: > I've tweaked the code every which way and I always get > a "403 FORBIDDEN Authentication credentials were not provided" message. This message would mean that you haven't provided any authentication token, session cookie, or whatever other method your API uses for user authentication. In case of a CSRF error, you'd get something like one of the following: REASON_NO_CSRF_COOKIE = "CSRF cookie not set." REASON_BAD_TOKEN = "CSRF token missing or incorrect." Good luck, Michal -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20160521160339.GM24966%40koniiiik.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: Digital signature
