Hello,
I'm not quite sure what you are trying to do, but with type: "GET"
there is no need to worry about crfs_token.
>From the link you posted:
"""
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
"""
For the thing with the unexpected login ... I also think this has
nothing to do with the crfs_token thing. If you have the default
authentication running, your authentication data will be in a cookie
named session-id or so ...
of course if you mess up that cookie, you have to authenticate again.
2014-06-23 4:55 GMT+02:00 Subodh Nijsure <[email protected]>:
> [ Sorry this is duplicate as I posted previous messages without Subject: !! ]
>
> I have following ajax query that gets generated from my template.
>
> This is done after user has logged into the system. One thing I have
> noticed is very first GET request always prompts a dialog box that
> asks users to login with username and password. I have done
> console.log and csrf_token is non-null when this dialog is shown. Does
> anybody have idea why this happens on all subsequnt reloads of this
> page I never get prompted to enter username & password.
>
> $.ajax({
> type: "GET",
> withCredentials: true,
> async: false,
> url: "/api/v1/myurl/",
> data: {
> csrfmiddlewaretoken: '{{ csrf_token }}'
> },
> success: function( json) {
> });
>
> It was suggested to me that I should follow this and make sure that
> csrf token is present in the header.
>
>
> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
>
> I have made sure that in my javascript I have recommended code that
> set the Requestheader but that doesn't help!
>
> Can anyone help me with this?
>
> -Subodh
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CALr9Q3a-hqk5fA1TP_3RZetv3gVh-D%2BR4kK0kBfeHBGz%3D0v9xQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CAL2Rd%3DJV3ZSPposHvVoCHNRNMoSXRrEPRgbRw3niSS4S_k1XJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
