Thanks, for the response.
I had a problem like this
I was trying to create a storesite which can be worked without django
framework but using django. i.e just static template index.html &
a java-script file. With all the stuff dynamically generated & only urls by
the django, so that anybody can use my index.html, just calls my server for
the url to display dynamic content using users information.
so for this purpose I had a cookies resided in my browser and I was trying
to create database objecst using javascript with api urls.
When I studied CSRF in detail, I understood that, *private dynamic
javascript cookies *cannot be directly used to retrieve or access the
database related to your site. Hence, my javascript was considered by
django as a *malicious/attack *content and thrown a 403 forbidden error. So
I was trying to remove the CSRF from my project. But* Failed. Due to the
same reason as you guys have told me.*
* So on understanding CSRF just removed code of cookies & just added
parameters to url just before when user refreshes the page. And whole thing
worked. That was the Great experience.*
*
*
*anyways,*
*Plz tell me if I can hv any other method to do this. adding parameters to
url is definitely not secure always.*
*
*
*One more thing I am using csrf_exempt to handle api views.*
*
*
*Thanks a lot again.*
*
*
On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman <ke1g...@gmail.com> wrote:
> Right you are.
>
> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland <clell...@gmail.com> wrote:
> >
> >
> > On Friday, October 5, 2012, Bill Freeman wrote:
> >>
> >> I believe that I read somewhere that newer Djangos force the CSRF
> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
> >
> >
> > You might be thinking of the CSRF context processor, which is always
> > enabled, no matter what is in settings. Even the most recent docs don't
> say
> > anything about forcing the middleware.
> >>
> >>
> >> You could dive into the middleware code to see how this happens, and
> >> come up with a stable strategy to circumvent it. Or you could just
> >> fix the necessary views and templates. There is, after all, a chance
> >> that you will want to be able to upgrade this site without jumping
> >> through hoops.
> >>
> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
> >> <laxmikant.gurnal...@gmail.com> wrote:
> >> > Hi, Guys
> >> >
> >> > Disabling CSRF is not working.
> >> > These are my midlewares., Removed {% csrf_token %} all templates.
> >> >
> >> > MIDDLEWARE_CLASSES = (
> >> > 'django.middleware.common.CommonMiddleware',
> >> > 'django.contrib.sessions.middleware.SessionMiddleware',
> >> > # 'django.middleware.csrf.CsrfViewMiddleware',
> >> > 'django.contrib.auth.middleware.AuthenticationMiddleware',
> >> > # 'django.contrib.messages.middleware.MessageMiddleware',
> >> > # 'django.middleware.csrf.CsrfResponseMiddleware',
> >> > # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
> >> > )
> >> >
> >> >
> >> > Also tried by writing disablecsrf.py like this :
> >> >
> >> > class DisableCSRF(object):
> >> > def process_request(self, request):
> >> > """
> >> > """
> >> > setattr(request, '_dont_enforce_csrf_checks', True)
> >> >
> >> >
> >> > Thanks in Advance!!!
> >> >
> >> > Laxmikant
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups
> >> > "Django users" group.
> >> > To post to this group, send email to django-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > django-users+unsubscr...@googlegroups.com.
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/django-users?hl=en.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Django users" group.
> >> To post to this group, send email to django-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> django-users+unsubscr...@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/django-users?hl=en.
> >>
> >
> >
> > --
> > Regards,
> > Ian Clelland
> > <clell...@gmail.com>
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/django-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
--
*
GlxGuru
*
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
