Missing csrftoken cookie causes CSRF errors about django-dajaxice HOT 11 CLOSED

Following the commit http://code.djangoproject.com/changeset/16192 ; a new decorator ' ensure_csrf_cookie' has been made available.

from django-dajaxice.

Thanks for your reply @madflo

from django-dajaxice.

Hmmm... is the decorator the best solution to this problem? Every view that uses dajaxice will need to be decorated. If that is the plan, at least it should be clearly documented. I believe this issue will effect almost everyone who uses dajaxice and is particularly nasty because you are unlikely to see it on any browser used for development as they will already have the cookie. The resulting CSRF error message is also a little cryptic and it took me quite a while to figure out what was going on. I guess what I'm saying is that I think is a nasty issue that will effect a very large percentage of users....

from django-dajaxice.

Every view that uses dajaxice should be decorated as every template that have a forms should add {% csrf_token %} .

This behaviour should be correctly documented but there isn't to much we can do inside dajaxice to ease this.

Thanks!

from django-dajaxice.

If you modify the code for the dajaxice_js_import template tag like this, Django will automatically include the CSRF cookie for any page that uses {% dajaxice_js_import %}

def dajaxice_js_import(context):
    context.get('csrf_token', None)
    return { 'DAJAXICE_MEDIA_PREFIX': DajaxiceRequest.get_media_prefix() }

from django-dajaxice.

Interesting, but if you are serving the file statically?

We can modify the templatetag to also handle statically served files...

@register.inclusion_tag('dajaxice/dajaxice_js_import.html', takes_context=True)
def dajaxice_js_import(context, core_url=None):
    context.get('csrf_token', None)
    if not core_url or DajaxiceRequest.get_debug():
        core_url = '/%s/dajaxice.core.js' % DajaxiceRequest.get_media_prefix()
    return {'core_url': core_url}

If there isn't a core_url or we have DAJAXICE_DEBUG = True we will include the dynamic file, else (if there is a core_url and we aren't in debug mode) we will include that core_url.

Cheers

from django-dajaxice.

Check this commit
3bdf3ea#L3R48

from django-dajaxice.

During development I had always a session cookie set, but now I just noticed this issue and am confused:
In the official documentation on version 0.2 you are suggesting one way to get along with CSRF and here you are suggesting another one....
I followed the instructions in the documentation and it did not work; Dajaxice is returning a CSRF 403 view...

from django-dajaxice.

All this CSRF issues are now fixed in the upcoming django-dajaxice 0.5 version (currently on the development branch).

from django-dajaxice.

I've release django-dajaxice 0.5 http://pypi.python.org/pypi/django-dajaxice

from django-dajaxice.

Problem

loading your application and try to interact with dajaxice on the "problems" of safari appears:

Solution

For those who have this problem are not scared because Dajaxice already have solved this problem, what to do is use the RequestContext dela follows:

django.template from import RequestContext

method or function in the view:

def view(request):
      context = {'form': form}
      return render_to_response ("registration / register.html", context, , context_instance = RequestContext (request))

This solves the problem of csrf_token

from django-dajaxice.