django-csrf

问题 My app worked well so far, when all was done by accessing its public IP. Now, it's being added to the main site, as app.mainsite.com. It's accessible like that. I can log in, etc, everything. But my app is a little special in that, a certain feature of it allows its users to open one of its URLs in an iframe on any third party site where the app's scripts are embedded in html, to do some app specific activity on those third party sites. Now, everyone could see the new stuff the app brought to

问题 I have a blog that runs behind both HTTP and HTTPS and am running into issues with the csrf token verification. The CSRF token is available in each form as it should be, but when I'm on the HTTP version of the site and try to commit a comment I get the following error. Forbidden (403) CSRF verification failed. Request aborted. Referer checking failed - http://mysite.com/blog/1/ does not match https://mysite.com/. It works fine when viewing the blog via HTTPS. Anyone know how to get the

问题 I try to add ModelForm for my model, but every POST attempt ends with "403 Forbidden. CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect". I have no render_to_response() method, so I can't fix this problem by adding RequestContext. Here's my model: from django.db import models from django.forms import ModelForm . . . class Text(models.Model): title = models.CharField(max_length=200) content = models.TextField() def __str__(self): return self

问题 I'm getting CSRF token missing or incorrect error while doing a POST request to a remote django api from my localhost machine. My settings on AngularJS: .config(['$httpProvider', function($httpProvider){ $httpProvider.defaults.xsrfCookieName = 'csrftoken'; $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken'; }]); but im still getting the CSRF token missing or incorrect error. I check what headers are being sent and apparently angular is not sending HTTP_X_CSRFTOKEN . But I can see that the

问题 My current setup is AngularJS + Django 1.5 and I have completely thrown away the use of Django's template engine (ie. the backend is pretty much an API server). Since I am not using the csrf_token template tag, Django, in turn, does not set and send the csrftoken cookie in response. As instructed by the official docs, the ensure_csrf_cookie() decorator should be used to force the decorated view to send the csrftoken cookie. I have applied the ensure_csrf_cookie() decorator to the view, which

问题 My current setup is AngularJS + Django 1.5 and I have completely thrown away the use of Django's template engine (ie. the backend is pretty much an API server). Since I am not using the csrf_token template tag, Django, in turn, does not set and send the csrftoken cookie in response. As instructed by the official docs, the ensure_csrf_cookie() decorator should be used to force the decorated view to send the csrftoken cookie. I have applied the ensure_csrf_cookie() decorator to the view, which

问题 My current setup is AngularJS + Django 1.5 and I have completely thrown away the use of Django's template engine (ie. the backend is pretty much an API server). Since I am not using the csrf_token template tag, Django, in turn, does not set and send the csrftoken cookie in response. As instructed by the official docs, the ensure_csrf_cookie() decorator should be used to force the decorated view to send the csrftoken cookie. I have applied the ensure_csrf_cookie() decorator to the view, which

问题 How can I use the jquery.post() method in Django? This is what I am trying to do: var postdata={ 'username':$('#login-email').val(), 'password':$('#login-password').val() } $.post('/login/',postdata) How do I CSRF protect this in django? Is there a way to add to the CSRF token to the post data? 回答1: I usually refer a file with this content to every page I want to be able to make AJAX requests: if (!$) var $ = django.jQuery; $('html').ajaxSend(function(event, xhr, settings) { function

问题 within my django app I am storing strings of html in the db that will then be displayed on the users' home pages as "messages". Some of these messages contain forms, but not being written in the template language, I am not able to insert the csrf token (thus breaking the app). Is there a way to insert this token directly from within the python files i'm editing? i'm looking for something along the lines of: csrf_token = django.csrf.generate() message = "press the button please: <form><input

问题 I'm trying to use JavaScript's fetch library to make a form submission to my Django application. However no matter what I do it still complains about CSRF validation. The docs on Ajax mentions specifying a header which I have tried. I've also tried grabbing the token from the templatetag and adding it to the form data. Neither approach seems to work. Here is the basic code that includes both the form value and the header: let data = new FormData(); data.append('file', file);; data.append(