Hi,
I thought I'd finally understood this but it seems I have not and I've
spent far too much time trying to do it myself.
I have a view rendering to the template below, which is displaying a number
of buttons that when clicked will execute another Python function in the
views.py. This works fine if I disable the CSRF protection but as I've
read this is not good practice, I'm desperately trying to get the token
included in POST request. I thought I'd finally cracked it yesterday
having found the sample code in the documentation and indeed it appeared to
work until first I tried my project in a different browser and then
subsequently cleared the cache of Chrome.
What am I doing wrong here?
I've not included the views.py as I'm assuming the issue is in the
JavaScript.
index.html
{% load static %}
<head>
<!-- <script src="{% static 'jquery-3.2.1.min.js' %}"></script> -->
<!-- <script src="static/jquery-3.2.1.min.js"></script> -->
<script src=
"https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js";></script>
</head>
<script>
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie !== '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
$.ajaxSetup({
beforeSend: function(xhr, settings) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
});
</script>
<body>
<div>
<h1 id='hdr_1'>{{ hdr1 }}</h1>
</div>
<table>
<tr>
{% if my_apps_list %}
{% for my_apps in my_apps_list %}
<td>
<button type="button" id="app{{ forloop.counter }}">
<img src="{% static my_apps.app_icon %}" alt="{{ my_apps.app_name }}" height
="132" width="192">
</button><br><br>
<script>
$("#app{{ forloop.counter }}").click( function() {
$.post("{% url 'launch' %}",
{'appname': '{{ my_apps.app_name }}',
'apppath': '{{ my_apps.app_path }}',
'appexe': '{{ my_apps.app_exe }}',
'appargs': '{{ my_apps.app_args }}',
'appusr': '{{ my_apps.app_user }}',
'apppwd': '{{ my_apps.app_pwd }}',
'applook4': '{{ my_apps.app_wait4 }}',
'appdelay': '{{ my_apps.app_delay }}',
'appkeys': '{{ my_apps.app_keys }}'
}, function (msg) {
document.getElementById('appstatus').innerHTML = msg;
});
});
</script>
</td>
{% endfor %}
</tr>
</table>
<br>
<p id='appstatus'></p>
{% else %}
<p>No applications are available.</p>
{% endif %}
</body>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/36f50839-ded6-4ea1-8539-afa60041fe30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
