Comments (11)
Following the commit http://code.djangoproject.com/changeset/16192, a new decorator 'ensure_csrf_cookie' has been made available.
from django-dajaxice.
Thanks for your reply @madflo
from django-dajaxice.
Hmmm... is the decorator the best solution to this problem? Every view that uses dajaxice will need to be decorated. If that is the plan, at least it should be clearly documented. I believe this issue will affect almost everyone who uses dajaxice and is particularly nasty because you are unlikely to see it on any browser used for development as they will already have the cookie. The resulting CSRF error message is also a little cryptic and it took me quite a while to figure out what was going on. I guess what I'm saying is that I think this is a nasty issue that will affect a very large percentage of users....
from django-dajaxice.
Every view that uses dajaxice should be decorated, just as every template that has a form should add {% csrf_token %}.
This behaviour should be correctly documented, but there isn't too much we can do inside dajaxice to ease this.
Thanks!
from django-dajaxice.
If you modify the code for the dajaxice_js_import template tag like this, Django will automatically include the CSRF cookie for any page that uses {% dajaxice_js_import %}:
def dajaxice_js_import(context):
    context.get('csrf_token', None)
    return {'DAJAXICE_MEDIA_PREFIX': DajaxiceRequest.get_media_prefix()}
from django-dajaxice.
Interesting, but if you are serving the file statically?
We can modify the templatetag to also handle statically served files...
@register.inclusion_tag('dajaxice/dajaxice_js_import.html', takes_context=True)
def dajaxice_js_import(context, core_url=None):
    context.get('csrf_token', None)
    if not core_url or DajaxiceRequest.get_debug():
        core_url = '/%s/dajaxice.core.js' % DajaxiceRequest.get_media_prefix()
    return {'core_url': core_url}
If there isn't a core_url or we have DAJAXICE_DEBUG = True we will include the dynamic file, else (if there is a core_url and we aren't in debug mode) we will include that core_url.
Cheers
from django-dajaxice.
Check this commit
3bdf3ea#L3R48
from django-dajaxice.
During development I always had a session cookie set, but now I just noticed this issue and am confused:
In the official documentation on version 0.2 you are suggesting one way to get along with CSRF and here you are suggesting another one....
I followed the instructions in the documentation and it did not work; Dajaxice is returning a CSRF 403 view...
from django-dajaxice.
All these CSRF issues are now fixed in the upcoming django-dajaxice 0.5 version (currently on the development branch).
from django-dajaxice.
I've released django-dajaxice 0.5 http://pypi.python.org/pypi/django-dajaxice
from django-dajaxice.
Problem
When loading your application and trying to interact with dajaxice, the following appears in the "problems" of Safari:
Solution
Those who have this problem need not be scared, because Dajaxice has already solved this problem; what to do is use the RequestContext as follows:
from django.shortcuts import render_to_response
from django.template import RequestContext
Method or function in the view:
def view(request):
    # 'form' is assumed to be built earlier in the view
    context = {'form': form}
    return render_to_response("registration/register.html", context, context_instance=RequestContext(request))
This solves the problem of csrf_token
from django-dajaxice.