Thanks for the response. I had a problem like this: I was trying to create a store site which can work without the Django framework but using Django, i.e. just a static template index.html and a JavaScript file, with all the stuff dynamically generated and only URLs by Django, so that anybody can use my index.html, which just calls my server for the URL to display dynamic content using the user's information. So for this purpose I had cookies residing in my browser, and I was trying to create database objects using JavaScript with API URLs.

When I studied CSRF in detail, I understood that private dynamic JavaScript cookies cannot be directly used to retrieve or access the database related to your site. Hence, my JavaScript was considered by Django as malicious/attack content and it threw a 403 Forbidden error. So I was trying to remove CSRF from my project, but failed, due to the same reason as you guys have told me.

So on understanding CSRF I just removed the cookie code and just added parameters to the URL just before the user refreshes the page. And the whole thing worked. That was a great experience.

Anyway, please tell me if I can have any other method to do this. Adding parameters to the URL is definitely not always secure.

One more thing: I am using csrf_exempt to handle API views.

Thanks a lot again.

On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman <ke1g...@gmail.com> wrote:

> Right you are.
>
> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland <clell...@gmail.com> wrote:
> >
> > On Friday, October 5, 2012, Bill Freeman wrote:
> >>
> >> I believe that I read somewhere that newer Djangos force the CSRF
> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
> >
> > You might be thinking of the CSRF context processor, which is always
> > enabled, no matter what is in settings. Even the most recent docs don't say
> > anything about forcing the middleware.
> >>
> >> You could dive into the middleware code to see how this happens, and
> >> come up with a stable strategy to circumvent it. Or you could just
> >> fix the necessary views and templates. There is, after all, a chance
> >> that you will want to be able to upgrade this site without jumping
> >> through hoops.
> >>
> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
> >> <laxmikant.gurnal...@gmail.com> wrote:
> >> > Hi, Guys
> >> >
> >> > Disabling CSRF is not working.
> >> > These are my middlewares. Removed {% csrf_token %} from all templates.
> >> >
> >> > MIDDLEWARE_CLASSES = (
> >> >     'django.middleware.common.CommonMiddleware',
> >> >     'django.contrib.sessions.middleware.SessionMiddleware',
> >> >     # 'django.middleware.csrf.CsrfViewMiddleware',
> >> >     'django.contrib.auth.middleware.AuthenticationMiddleware',
> >> >     # 'django.contrib.messages.middleware.MessageMiddleware',
> >> >     # 'django.middleware.csrf.CsrfResponseMiddleware',
> >> >     # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
> >> > )
> >> >
> >> > Also tried by writing disablecsrf.py like this:
> >> >
> >> > class DisableCSRF(object):
> >> >     def process_request(self, request):
> >> >         """
> >> >         """
> >> >         setattr(request, '_dont_enforce_csrf_checks', True)
> >> >
> >> > Thanks in advance!!!
> >> >
> >> > Laxmikant
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups "Django users" group.
> >> > To post to this group, send email to django-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > django-users+unsubscr...@googlegroups.com.
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/django-users?hl=en.
> >
> > --
> > Regards,
> > Ian Clelland
> > <clell...@gmail.com>

--
GlxGuru
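
Added example, not part of the original thread: the usual way for same-origin JavaScript to call Django API views with CSRF protection left enabled is to read Django's `csrftoken` cookie and echo it in the `X-CSRFToken` header on unsafe requests, instead of using csrf_exempt or URL parameters. The function names, origins and cookie values below are constructed for illustration; only the cookie and header names are Django defaults.

```javascript
// Added example. 'csrftoken' and 'X-CSRFToken' are Django's default names;
// all function names and sample values here are constructed for illustration.

// Return the value of one cookie from a document.cookie-style string, or null.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf('=');
    if (eq === -1) continue;
    if (trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Django does not CSRF-check these methods, so no token is needed for them.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True only when the (possibly relative) URL resolves to the page's own origin.
function sameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparsable target: treat as foreign
  }
}

// Extra headers for an API call. The token is attached only to unsafe,
// same-origin requests so it is never disclosed to another site.
function csrfHeaders(method, url, pageOrigin, cookieString) {
  if (csrfSafeMethod(method) || !sameOrigin(url, pageOrigin)) return {};
  const token = getCookie(cookieString, 'csrftoken');
  return token ? { 'X-CSRFToken': token } : {};
}

// In a browser:
//   fetch(url, { method: 'POST', credentials: 'same-origin', body: data,
//     headers: csrfHeaders('POST', url, location.origin, document.cookie) });
```

The `csrftoken` cookie is only present after a response has set it, for example from a view decorated with `ensure_csrf_cookie`. A page served from a different origin cannot read that cookie, so this pattern covers the same-origin case only.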