Hello Hendrik,
To simplify things and to do some tests, I started with disabling the csrf
protection. Here is my JS:
dojo.xhrPost( {
url: "/test/",
content: {details: JSON.stringify(details)},
load: function(response){
alert(response);
},
error: function(){
alert("error");
}
});
In views.py, I have:
@csrf_exempt
def new_session(request):
if request.is_ajax():
return HttpResponse('ok')
In theory, I should see the 'ok' alert, but, instead, I got "null". The
debug message shows:
[07/Jun/2012 10:31:06] code 400, message Bad request syntax
('\x16\x03\x01\x00\x8f\x01\x00\x00\x8b\x03\x01O\xd0\xc9:}m\x9e\x04\xbf_:$`\x96v\xca\x1b\x92\xb8\xc7?M\x0f\xbdc\x8e\xfb+\x84E\x8c?\x00\x00H\x00\xff\xc0')
[07/Jun/2012 10:31:06] "??O??:}m??_:$`?v????M?c??+?E??H??" 400 -
This error message looks similar to that before the csrf_exempt decorator
was added, which suggests to me that the problem may not be in the csrf
protection. Am I right? Any thoughts would be greatly appreciated!
voss
On Monday, June 4, 2012 8:21:15 PM UTC-5, henzk wrote:
>
> Hi Voss,
>
> i forgot about django's CSRF protection.
> You can use the csrf_exempt decorator on the view function to disable
> django's CSRF protection - however, i wouldn't recommend that.
>
> There is a script at
> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
> To use the script with dojo instead of jquery, you will need to adapt it a
> little:
>
> -copy the getCookie function to your code
>
> then, every time you make a POST request to your application using
> dojo.xhrPost, add this to the arguments object:
>
> headers: {'X-CSRFToken': getCookie('csrftoken')}
>
> If you are still getting HTTP 400 errors, verify that the request looks
> sane in firebug and check that it contains a X_HTTP_REQUESTED_WITH header
> set to XMLHttpRequest (but i am pretty sure dojo adds this one
> automatically).
>
> hendrik
>
> Am Montag, 4. Juni 2012 18:33:21 UTC+2 schrieb voss:
>>
>> Hi Hendrik,
>>
>> I forgot to mention in my previous message that the debug shows the
>> following:
>>
>> code 400, message Bad request syntax
>> ("\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01O\xcc\xd8\xc0\x18hZ\x7f\xa3h\xb9l\xaf\xdb\xfbp}(\xc1\xc6\xa5g\x18\xe5!\x87\xd4\xe2`_'\x90\x00\x00H\x00\xff\xc0")
>>
>> Thank you!
>>
>> voss
>>
>>
>>
>> On Saturday, June 2, 2012 8:46:38 AM UTC-5, henzk wrote:
>>>
>>> Hi,
>>>
>>> i haven't tested the code and never used dojo before, but sth. like
>>> this should work:
>>>
>>> var source1 = new dojo.dnd.Source("itemListNode");
>>> var source2 = new dojo.dnd.Target("selectedListNode");
>>> dojo.connect( source1, "onDndDrop",
>>> function(source, nodes, copy, target){
>>> //gather items and details
>>> var details = [];
>>> for( i=0; i < nodes.length; i++){
>>> var item = this.getItem(nodes[i].id);
>>> details.push(item.data);
>>> }
>>> //send details to server via AJAX POST request
>>> dojo.xhrPost({
>>> url: "/save_details/",
>>> content: {details: JSON.stringify(details)},
>>> // The success handler
>>> load: function(response) {
>>> alert('ok');
>>> },
>>> // The error handler
>>> error: function() {
>>> alert("error");
>>> }
>>> });
>>> });
>>>
>>> Explanation:
>>>
>>> - changed 'item' to 'var item' ... without the 'var' item will be
>>> global, which is probably not what you want.
>>> - to get around making multiple requests to the server(one for each
>>> dropped node), put the detail of each node in the details array.
>>> - then json-encode and send this array to your django view (assumed to
>>> be at '/save_details/')
>>> - in the view, access the list as
>>> json.loads(request.POST.get('details', '[]')) and place it into
>>> request.session
>>>
>>> As mentioned, the code is completely untested.
>>>
>>> Good luck!
>>>
>>> Yours,
>>>
>>> Hendrik Speidel
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-users/-/CWKY_xRFelAJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
