Maybe decorate the view with @csrf_extempt and test it
like this:
---views.py---
from django.core.context_processors import csrf
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def contact(request):
form = ContactForm()
...some wicked logic here ...
return render_to_re
I tried the following:
1. Change everything to use POST
2. Do
$ curl -d
"name=Bob&csrfmiddlewaretoken=926ab8c4fca858fdf0c441784687d402"
http://localhost:8000/demo/test/
But I'm still getting the same CSRF error. Not sure why.
Also, the token seems to stay the same after restarting the se
That's what I'm looking for.
Thanks :)
On Jan 20, 4:32 pm, Russell Keith-Magee
wrote:
> On Fri, Jan 21, 2011 at 4:40 AM, scabbage wrote:
> > How do I include CSRF token in a curl request then? I use curl for
> > debugging. Cannot seem to find any info on Google :(
>
> The CSRF token is just a h
On Fri, Jan 21, 2011 at 4:40 AM, scabbage wrote:
> How do I include CSRF token in a curl request then? I use curl for
> debugging. Cannot seem to find any info on Google :(
The CSRF token is just a hidden field on your form. When you render
your template, the CSRF token will be included on the re
How do I include CSRF token in a curl request then? I use curl for
debugging. Cannot seem to find any info on Google :(
On Jan 20, 5:11 am, Russell Keith-Magee
wrote:
> On Thu, Jan 20, 2011 at 8:57 PM, Shawn Milochik wrote:
>
> > On Jan 19, 2011, at 8:01 PM, scabbage wrote:
>
> >> Is there a way
On Thu, Jan 20, 2011 at 8:57 PM, Shawn Milochik wrote:
>
> On Jan 19, 2011, at 8:01 PM, scabbage wrote:
>
>> Is there a way to completely disable CSRF handling?
>
> Sure, just remove the CSRF middleware from your settings.py.
While this advice is 100% accurate, I'd would *strongly* caution you
no
On Jan 19, 2011, at 8:01 PM, scabbage wrote:
> Is there a way to completely disable CSRF handling?
Sure, just remove the CSRF middleware from your settings.py.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email
On Wednesday, January 19, 2011 11:07:04 PM UTC, scabbage wrote:
>
> How do I add CSRF token to curl then?
>
> What if I wanna expose my views as web services without providing a
> UI, how do I make sure clients (e.g. Ajax, actionscript, etc) can use
> it without this CSRF issue?
>
>
> Thanks.
maybe use something like piston
https://bitbucket.org/jespern/django-piston/wiki/Home
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email
Is there a way to completely disable CSRF handling?
Is there an documentation about how to create web services APIs using
Django without frontends?
Thanks.
On Jan 19, 3:26 pm, Andy McKay wrote:
> > What if I wanna expose my views as web services without providing a
> > UI, how do I make sure cl
> What if I wanna expose my views as web services without providing a
> UI, how do I make sure clients (e.g. Ajax, actionscript, etc) can use
> it without this CSRF issue?
You can mark things as exempt if you'd like to and are aware of the
implications:
http://docs.djangoproject.com/en/dev/ref/c
How do I add CSRF token to curl then?
What if I wanna expose my views as web services without providing a
UI, how do I make sure clients (e.g. Ajax, actionscript, etc) can use
it without this CSRF issue?
Thanks.
On Jan 19, 4:14 am, Jirka Vejrazka wrote:
> > However, when I tried this:
>
> >
curl -d "name=Bob" -G http://localhost:8000/demo/test
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@go
-d flag sends the specified data in a POST request to the HTTP server, since
you don't supply CSRF token, Django assumes the post is malicious.
See more http://docs.djangoproject.com/en/dev/ref/contrib/csrf/?from=olddocs
--
You received this message because you are subscribed to the Google Group
> However, when I tried this:
>
> $ curl -d "name=Bob" http://localhost:8000/demo/test
curl -d sends data using POST method, not GET method (see curl
documentation). Django expects CSRF token in all POST requests, check
http://docs.djangoproject.com/en/dev/ref/contrib/csrf/
HTH
Jirk
I'm new to Django. I have installed the latest Django and completed
the four-page tutorial. I created a very simple view as below:
from django.http import HttpResponse
def test(request):
return HttpResponse('My name is ' + request.GET['name'])
I'm able to navigate to "http:
16 matches
Mail list logo
