We're adapting our Django powered video site to be an open video
platform for any user to create their own "site" using subdomains (eg
mysite.vidplatform.com) on one Django server instance. Each "site"
would obviously have content associated with only that site in
addition to template and navigatio
been seriously compromised, at
which point there'd be easier attacks to execute.
Kieran
On May 31, 9:17 pm, Graham Dumpleton
wrote:
> On Jun 1, 1:04 pm, Kieran Farr wrote:
>
>
>
>
>
> > We're adapting our Django powered video site to be an open video
> >
I just ran into this as well. Very odd that earlier versions didn't
raise the same error.
On May 18, 1:38 pm, Jori wrote:
> Thanks, you're correct. I don't know how I didn't notice but then
> again it worked just fine with 1.1.1.
>
> -Jori
>
> On May 18, 11:03 pm, Daniel Roseman wrote:
>
>
>
>
Hi, were having the exact same problem.
We're integrating with a third-party API that sends "pings" via simple
POST requests to our server to give us updates re: status video
conversion processes.
We're running Django 1.2.1 with Apache mod_python on Ubuntu 9.04.
I've disabled ALL csrf related mi
return HttpResponse("Oops, something went wrong.",
mimetype="text/plain", status=200)
On Jul 27, 11:30 am, raj wrote:
> Most probably it has something to do with permissions. Go thru the
> exact code block which tries to post the data. Is the login successful
&g
ed [text/plain]
Saving to: `index.html.1'
[ <=>
]
27 --.-K/s in 0s
2010-07-27 20:31:14 (1.84 MB/s) - `index.html.1' saved [27]
On Jul 27, 11:34 am, Kieran Farr wrote:
> This is intended not to be protected by auth, so this page is publicly
> accessib
ngos-csrf-middleware
The decorator @csrf_exempt does not work as described in the docs as
our view always returns a 403 when any content is POSTed.
Very confusing!
Kieran
On Jul 27, 1:32 pm, Kieran Farr wrote:
> Raj sorry I misread your question. This initial response is in re: my
> listener
better way to provide debugging information for 403 errors
raised from the built-in CSRF methods?
All the best and thanks for a great framework.
Kieran
On Jul 27, 6:54 pm, Kieran Farr wrote:
> Further research shows that CSRF is enabled regardless of my
> settings.py if we use Dja
Thanks, David -- you're right on, now I just return an HttpResponse
with result code 404.
Benedict, could you post the view for /management/statistics/top/user/
yearly/ that is causing the 403?
Kieran
On Jul 28, 6:47 am, steven314 wrote:
> @etone: has this discussion of CSRF enabled you to hunt
9 matches
Mail list logo
