#8127: CSRF + AJAX
---------------------------------------------+------------------------------
Reporter: xlax | Owner: nobody
Status: new | Milestone:
Component: Contrib apps | Version: SVN
Resolution: | Keywords: CSRF AJAX
Stage: Design decision needed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 1
Needs_better_patch: 0 |
---------------------------------------------+------------------------------
Comment (by herrstagl):
We had some issues with csrf and ajax when we used an flash uploader in
combination with windows and firefox. in this special case, flash is
sending the IE cookies instead of the Firefox cookies and therefore CSRF
raises an error because no valid session is available. What we did, to get
csrf working even with the flash YUI upload:
* we added the csrfmiddlewaretoken to the ajax post request
* we wrote a patch during the implementation of www.xipax.com for the
middleware.py which checks if there is POST variable called session_id, if
not, it falls back to the standard behaviour of the CSRF middleware
This file is attached to the ticket
--
Ticket URL: <http://code.djangoproject.com/ticket/8127#comment:13>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
