Hello Hendrik,
Your code works on my machine, too!! I don't know what is wrong with my
code. I will definitely compare it carefully to yours. Hopefully, I will
find the cause soon.
By the way, I do have firebug running all the time, but it does not show
any errors.
Once again, thank you so much for all your help! Your help is very much
appreciated.
voss
On Thursday, June 7, 2012 1:04:27 PM UTC-5, henzk wrote:
>
> Hi Voss,
>
> you were missing a comma after "details: JSON.stringify(details)"
> However, i don't think that was the cause of the problem. When using
> csrf_exempt you do not need to include the csrf token.
>
> I have now created a test project and it's working here. The project is
> called 'testp' and the app is called 'testa'
>
> #testp.urls
> from django.conf.urls import patterns, include, url
>
> urlpatterns = patterns('',
> url(r'^dojo/$', 'testa.views.dojo'),
> url(r'^test/$', 'testa.views.new_session'),
> )
>
> #testa.views
> from django.views.decorators.csrf import csrf_exempt
> from django.shortcuts import render
> from django.http import HttpResponse
>
> def dojo(request):
> return render(request, 'dojo.html')
>
> @csrf_exempt
> def new_session(request):
> if request.is_ajax():
> return HttpResponse('ok')
> else:
> return HttpResponse('only AJAX requests are allowed!')
>
> #dojo.html
> <html>
> <head>
> <script
> src="http://ajax.googleapis.com/ajax/libs/dojo/1.7.2/dojo/dojo.js";<http://ajax.googleapis.com/ajax/libs/dojo/1.7.2/dojo/dojo.js>
> ></script>
> <script>
> var details = [1,2,3,4,5]
> dojo.xhrPost( {
> url: "/test/",
> content: {details: JSON.stringify(details)},
> load: function(response){
> alert(response);
> },
> error: function(){
> alert("error");
> }
> });
> </script>
> </head>
> <body>
>
> If i visit localhost:8000/dojo/ it alerts 'ok'
>
> Maybe you can deduce your error by comparing this to your setup.
> Also, do you have a debugging tool like firebug? It really helps me out
> quite often.
>
> Good luck!
>
> hendrik
>
> On 06/07/2012 06:58 PM, voss wrote:
>
> Hi Hendrik,
>
> Thank you for your prompt reply. I really appreciate it!
>
> Yes, I am using the django development server, and it is on port 8000. I,
> too, read that the https can cause the '\x16\x03\x01' problem, but I don't
> see how this can happen in my case because I did not create any https'.
>
> Although it may not be csrf, do you think csrfmiddlewaretoken: '{{
> csrf_token }}' could be the missing piece (see
> http://stackoverflow.com/questions/9085068/django-jquery-get-to-post)? It
> seems to make sense to me because {% csrf_token %} is required for a normal
> post request. If so, how do I use it in dojo.xhrPost? I tried
>
>
> dojo.xhrPost( {
> url: "/test/",
> content: {
> details: JSON.stringify(details)
> csrfmiddlewaretoken: '{{ csrf_token }}'
> },
> load: function(response){
> alert(response);
> },
> error: function(){
> alert("error");
> }
> });
>
>
> , but it did not change anything. I also commented out the is_ajax line,
> but I got the same debug message.
>
>
> voss
>
> On Thursday, June 7, 2012 11:32:14 AM UTC-5, henzk wrote:
>>
>> Hi Voss,
>>
>> i guess you are right ... it may not be related to CSRF-Protection at all.
>> Are you using the django development server? I have found some references
>> for '\x16\x03\x01' using google, e.g.
>>
>> http://wishmesh.com/2010/05/apache-logs-contains-x16x03x01-when-accessing-site-via-https/
>>
>> It seems that this is related to browsers that speak HTTPS to a
>> (misconfigured) HTTP server.
>>
>> Can you verify that this happens also when using the django devserver on
>> port 8000?
>> Another thing you could try is to get rid of the is_ajax check.
>> In either case you should return a response for non-ajax requests also
>> ... otherwise you will provoke a HTTP500 in these cases.
>>
>> hendrik
>>
>>
>> On 06/07/2012 06:17 PM, voss wrote:
>>
>> Hello Hendrik,
>>
>> To simplify things and to do some tests, I started with disabling the
>> csrf protection. Here is my JS:
>>
>> dojo.xhrPost( {
>> url: "/test/",
>> content: {details: JSON.stringify(details)},
>> load: function(response){
>> alert(response);
>> },
>> error: function(){
>> alert("error");
>> }
>> });
>>
>>
>> In views.py, I have:
>>
>> @csrf_exempt
>> def new_session(request):
>> if request.is_ajax():
>> return HttpResponse('ok')
>>
>>
>> In theory, I should see the 'ok' alert, but, instead, I got "null". The
>> debug message shows:
>>
>> [07/Jun/2012 10:31:06] code 400, message Bad request syntax
>> ('\x16\x03\x01\x00\x8f\x01\x00\x00\x8b\x03\x01O\xd0\xc9:}m\x9e\x04\xbf_:$`\x96v\xca\x1b\x92\xb8\xc7?M\x0f\xbdc\x8e\xfb+\x84E\x8c?\x00\x00H\x00\xff\xc0')
>> [07/Jun/2012 10:31:06] "??O??:}m??_:$`?v????M?c??+?E??H??" 400 -
>>
>> This error message looks similar to that before the csrf_exempt decorator
>> was added, which suggests to me that the problem may not be in the csrf
>> protection. Am I right? Any thoughts would be greatly appreciated!
>>
>> voss
>>
>>
>> On Monday, June 4, 2012 8:21:15 PM UTC-5, henzk wrote:
>>>
>>> Hi Voss,
>>>
>>> i forgot about django's CSRF protection.
>>> You can use the csrf_exempt decorator on the view function to disable
>>> django's CSRF protection - however, i wouldn't recommend that.
>>>
>>> There is a script at
>>> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
>>> To use the script with dojo instead of jquery, you will need to adapt it
>>> a little:
>>>
>>> -copy the getCookie function to your code
>>>
>>> then, every time you make a POST request to your application using
>>> dojo.xhrPost, add this to the arguments object:
>>>
>>> headers: {'X-CSRFToken': getCookie('csrftoken')}
>>>
>>> If you are still getting HTTP 400 errors, verify that the request
>>> looks sane in firebug and check that it contains a X_HTTP_REQUESTED_WITH
>>> header set to XMLHttpRequest (but i am pretty sure dojo adds this one
>>> automatically).
>>>
>>> hendrik
>>>
>>> Am Montag, 4. Juni 2012 18:33:21 UTC+2 schrieb voss:
>>>>
>>>> Hi Hendrik,
>>>>
>>>> I forgot to mention in my previous message that the debug shows the
>>>> following:
>>>>
>>>> code 400, message Bad request syntax
>>>> ("\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01O\xcc\xd8\xc0\x18hZ\x7f\xa3h\xb9l\xaf\xdb\xfbp}(\xc1\xc6\xa5g\x18\xe5!\x87\xd4\xe2`_'\x90\x00\x00H\x00\xff\xc0")
>>>>
>>>> Thank you!
>>>>
>>>> voss
>>>>
>>>>
>>>>
>>>> On Saturday, June 2, 2012 8:46:38 AM UTC-5, henzk wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> i haven't tested the code and never used dojo before, but sth. like
>>>>> this should work:
>>>>>
>>>>> var source1 = new dojo.dnd.Source("itemListNode");
>>>>> var source2 = new dojo.dnd.Target("selectedListNode");
>>>>> dojo.connect( source1, "onDndDrop",
>>>>> function(source, nodes, copy, target){
>>>>> //gather items and details
>>>>> var details = [];
>>>>> for( i=0; i < nodes.length; i++){
>>>>> var item = this.getItem(nodes[i].id);
>>>>> details.push(item.data);
>>>>> }
>>>>> //send details to server via AJAX POST request
>>>>> dojo.xhrPost({
>>>>> url: "/save_details/",
>>>>> content: {details: JSON.stringify(details)},
>>>>> // The success handler
>>>>> load: function(response) {
>>>>> alert('ok');
>>>>> },
>>>>> // The error handler
>>>>> error: function() {
>>>>> alert("error");
>>>>> }
>>>>> });
>>>>> });
>>>>>
>>>>> Explanation:
>>>>>
>>>>> - changed 'item' to 'var item' ... without the 'var' item will be
>>>>> global, which is probably not what you want.
>>>>> - to get around making multiple requests to the server(one for each
>>>>> dropped node), put the detail of each node in the details array.
>>>>> - then json-encode and send this array to your django view (assumed to
>>>>> be at '/save_details/')
>>>>> - in the view, access the list as
>>>>> json.loads(request.POST.get('details', '[]')) and place it into
>>>>> request.session
>>>>>
>>>>> As mentioned, the code is completely untested.
>>>>>
>>>>> Good luck!
>>>>>
>>>>> Yours,
>>>>>
>>>>> Hendrik Speidel
>>>>>
>>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/django-users/-/CWKY_xRFelAJ.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>>
>>
> On Thursday, June 7, 2012 11:32:14 AM UTC-5, henzk wrote:
>>
>> Hi Voss,
>>
>> i guess you are right ... it may not be related to CSRF-Protection at all.
>> Are you using the django development server? I have found some references
>> for '\x16\x03\x01' using google, e.g.
>>
>> http://wishmesh.com/2010/05/apache-logs-contains-x16x03x01-when-accessing-site-via-https/
>>
>> It seems that this is related to browsers that speak HTTPS to a
>> (misconfigured) HTTP server.
>>
>> Can you verify that this happens also when using the django devserver on
>> port 8000?
>> Another thing you could try is to get rid of the is_ajax check.
>> In either case you should return a response for non-ajax requests also
>> ... otherwise you will provoke a HTTP500 in these cases.
>>
>> hendrik
>>
>>
>> On 06/07/2012 06:17 PM, voss wrote:
>>
>> Hello Hendrik,
>>
>> To simplify things and to do some tests, I started with disabling the
>> csrf protection. Here is my JS:
>>
>> dojo.xhrPost( {
>> url: "/test/",
>> content: {details: JSON.stringify(details)},
>> load: function(response){
>> alert(response);
>> },
>> error: function(){
>> alert("error");
>> }
>> });
>>
>>
>> In views.py, I have:
>>
>> @csrf_exempt
>> def new_session(request):
>> if request.is_ajax():
>> return HttpResponse('ok')
>>
>>
>> In theory, I should see the 'ok' alert, but, instead, I got "null". The
>> debug message shows:
>>
>> [07/Jun/2012 10:31:06] code 400, message Bad request syntax
>> ('\x16\x03\x01\x00\x8f\x01\x00\x00\x8b\x03\x01O\xd0\xc9:}m\x9e\x04\xbf_:$`\x96v\xca\x1b\x92\xb8\xc7?M\x0f\xbdc\x8e\xfb+\x84E\x8c?\x00\x00H\x00\xff\xc0')
>> [07/Jun/2012 10:31:06] "??O??:}m??_:$`?v????M?c??+?E??H??" 400 -
>>
>> This error message looks similar to that before the csrf_exempt decorator
>> was added, which suggests to me that the problem may not be in the csrf
>> protection. Am I right? Any thoughts would be greatly appreciated!
>>
>> voss
>>
>>
>> On Monday, June 4, 2012 8:21:15 PM UTC-5, henzk wrote:
>>>
>>> Hi Voss,
>>>
>>> i forgot about django's CSRF protection.
>>> You can use the csrf_exempt decorator on the view function to disable
>>> django's CSRF protection - however, i wouldn't recommend that.
>>>
>>> There is a script at
>>> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
>>> To use the script with dojo instead of jquery, you will need to adapt it
>>> a little:
>>>
>>> -copy the getCookie function to your code
>>>
>>> then, every time you make a POST request to your application using
>>> dojo.xhrPost, add this to the arguments object:
>>>
>>> headers: {'X-CSRFToken': getCookie('csrftoken')}
>>>
>>> If you are still getting HTTP 400 errors, verify that the request
>>> looks sane in firebug and check that it contains a X_HTTP_REQUESTED_WITH
>>> header set to XMLHttpRequest (but i am pretty sure dojo adds this one
>>> automatically).
>>>
>>> hendrik
>>>
>>> Am Montag, 4. Juni 2012 18:33:21 UTC+2 schrieb voss:
>>>>
>>>> Hi Hendrik,
>>>>
>>>> I forgot to mention in my previous message that the debug shows the
>>>> following:
>>>>
>>>> code 400, message Bad request syntax
>>>> ("\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01O\xcc\xd8\xc0\x18hZ\x7f\xa3h\xb9l\xaf\xdb\xfbp}(\xc1\xc6\xa5g\x18\xe5!\x87\xd4\xe2`_'\x90\x00\x00H\x00\xff\xc0")
>>>>
>>>> Thank you!
>>>>
>>>> voss
>>>>
>>>>
>>>>
>>>> On Saturday, June 2, 2012 8:46:38 AM UTC-5, henzk wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> i haven't tested the code and never used dojo before, but sth. like
>>>>> this should work:
>>>>>
>>>>> var source1 = new dojo.dnd.Source("itemListNode");
>>>>> var source2 = new dojo.dnd.Target("selectedListNode");
>>>>> dojo.connect( source1, "onDndDrop",
>>>>> function(source, nodes, copy, target){
>>>>> //gather items and details
>>>>> var details = [];
>>>>> for( i=0; i < nodes.length; i++){
>>>>> var item = this.getItem(nodes[i].id);
>>>>> details.push(item.data);
>>>>> }
>>>>> //send details to server via AJAX POST request
>>>>> dojo.xhrPost({
>>>>> url: "/save_details/",
>>>>> content: {details: JSON.stringify(details)},
>>>>> // The success handler
>>>>> load: function(response) {
>>>>> alert('ok');
>>>>> },
>>>>> // The error handler
>>>>> error: function() {
>>>>> alert("error");
>>>>> }
>>>>> });
>>>>> });
>>>>>
>>>>> Explanation:
>>>>>
>>>>> - changed 'item' to 'var item' ... without the 'var' item will be
>>>>> global, which is probably not what you want.
>>>>> - to get around making multiple requests to the server(one for each
>>>>> dropped node), put the detail of each node in the details array.
>>>>> - then json-encode and send this array to your django view (assumed to
>>>>> be at '/save_details/')
>>>>> - in the view, access the list as
>>>>> json.loads(request.POST.get('details', '[]')) and place it into
>>>>> request.session
>>>>>
>>>>> As mentioned, the code is completely untested.
>>>>>
>>>>> Good luck!
>>>>>
>>>>> Yours,
>>>>>
>>>>> Hendrik Speidel
>>>>>
>>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/django-users/-/CWKY_xRFelAJ.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/django-users/-/zX59VNkLB-gJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-users/-/N-eCfKkE6roJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
