I think I can only get it working in IE because IE forgets the cookie
when the browser closes and the other browsers on my machine aren't. I
think the fact that I have only found this in IE is not really
related.
I guess I'm miss understanding the use of CSRF. Perhaps the correct
way is to place {
Everything makes sense about this except for:
> If the user hasn't visited a page that has #csrfmiddlewaretoken on it
> then there is also no cookie, in IE only.
I am looking in firefox as well and I cannot see that cookie until I
visit a page that has the csrf_token on it -- afterwards it pers
I have got the jQuery that does the ajaxSetup. However the problem is
when #csrfmiddlewaretoken isn't on the page. My jQuery is as the
Django documentation suggests which is to read the cookie value which
is meant to be set at every request.
If the user hasn't visited a page that has #csrfmiddlewa
If its not too much trouble for you, I've switched to GETs instead of POSTs
for my AJAX calls, so i wont have to think about CSRF again.
On 9 March 2011 14:12, krzysiekpl wrote:
> Did you try add custom header X-CSRFToken ? Try this solution if youre
> using jquery
>
> $.ajaxSetup({
>b
Did you try add custom header X-CSRFToken ? Try this solution if youre
using jquery
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /
^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locall
I am experiencing some off behaviour with CSRF but only in IE
browsers. Using Django 1.2.5 (final).
I have a page that has no form and no use of {% csrf_token %} but it
does make a POST request using JavaScript. I have implemented the
jQuery code to grab the CSRF cookie value for all AJAX requests
6 matches
Mail list logo
