django-csrf

问题 Using jquery1.7.1 and django1.3 ,I was trying to make a post request through ajax,in some tutorial code I found on web $(document).ready(function(){ $("#create").click(create_note); }); var create_note = function() { var title = $("#title").val() var slug = $("#slug").val() if (title != "" && slug != "") { var data = { title:title, slug:slug }; console.log('title='+title); console.log('slug='+slug); var args = { type:"POST", url:"/create/", data:data, complete:done }; $.ajax(args); } else { /

问题 In my Django project I will have to modify the tuple of file upload handlers "on the fly" as documented, to have the ability to modify the file stream as it is being uploaded. I need this "on the fly", because I have to provide the handler some data from the View (see setup() method in the code below). The documentation also mentions how to take care of doing this if you use CSRF protection. This is special because the CSRF protection middleware accesses the POST data in the request resulting

问题 I am using stripe.js for stripe payments. I need to setup a callback wenhook to receive the request from stripe. Since the webhook is posted to by stripe - I have marked it as csrf_excempt . Is there any risk with making this view csrf_excempt ? If I should have csrf protection on this view, how can I pass and get back the csrf tokens from stripe? 回答1: That's not going to work. Definitely disable csrf for the callback from Stripe. Even if you.. passed the csrf_token to stripe found a way to

问题 I am using TokenAuthentication in Django REST Framework to have a script remotely access my API. The domain running the API is behind a TLS certificate. I have scoured through MANY sources, and tried many options before coming here to figure out what my problem is. In short, I continue to get the CSRF verification failed. Request aborted. error when I attempt to post. Here is my view: # @csrf_exempt @api_view(['POST']) @authentication_classes((TokenAuthentication,)) @permission_classes(

问题 I have a single page angularjs application utilizing JWT authentication. Because JWTs are sent with every single request, it seems redundant to use CSRF tokens in my forms. In order to disable CSRF checking, I commented out 'django.middleware.csrf.CsrfViewMiddleware' in my settings.py middleware classes. This all works fine. However, when I use the Django Admin panel, CSRF is used. This seems reasonable since JWTs don't protect the Admin pages. When I log into Admin, a cookie is set

问题 I'm really stuck. Here's what I'm trying to do. KEEP CSRF On. - please don't tell me to turn it off. I have an API app run by Django and Django Rest Framework I have a frontend app run by Vue I have installed django-cors-headers to manage CORS Everything works great localy. As soon as I move it to production, I start getting CSRF errors. Here's how everything works. I've seen answers all over that have said everything from turning off CSRF to allowing all for all the things. I want to do this

问题 I don't understand why, but Django has ceased including the csrf cookie in responses. I have the middleware enabled, have tried using RequestContext and am using render. I have even tried using the csrf_protect and requires_csrf_token decorators. I am working on a dev server right now, and I can print the context after I use RequestContext, and it seems to include a csrf_token. But when I look at the actual headers using Chrome's inspect element, the csrf_token isn't there, also when I use

问题 I'm trying to use the django rest framework to to easily handle some models as restful resources. this is the code that I have: Django: 1.7.1 Django REST Framework: 2.4.4 jQuery: 2.1.1 # models.py class DocumentNodeTemplate(MPTTModel): """ """ document_template = models.ForeignKey( DocumentTemplate, related_name="nodes", verbose_name="Document template" ) parent = TreeForeignKey( 'self', null=True, blank=True, related_name='children' ) section_template = models.ForeignKey( 'SectionTemplate',

问题 Before posting this i've tried every solution method posted online, including solutions on Stackoverflow and Django. (I think the reason for error perhaps is due to the fact that i'm on a newer verison of jQuery and django and most solutions are dated, using jQuery 1.9 and django 1.5.1) Here are some URL's to solutions that don't work: Django CSRF check failing with an Ajax POST request How to use $.post with django? https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax Any help would

问题 My website has a single page with 2 forms and 3 ajax-based POST calls. I have used csrf_token in one of the forms. Also, to be able to perform csrf-safe ajax calls, I am using the guidelines posted on the official documentation: https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/ and this blog: https://realpython.com/blog/python/django-and-ajax-form-submissions/ As suggested, by using this peice of code https://gist.github.com/broinjc/db6e0ac214c355c887e5 in my javascript file, it seems I