See, if this
helps: https://stackoverflow.com/questions/8614947/jquery-and-django-csrf-token
On Tuesday, November 7, 2017 at 10:25:47 PM UTC+5:30, Tony King wrote:
>
>
> Hi,
>
> I thought I'd finally understood this but it seems I have not and I've
> spent far too much time trying to do it myself.
>
> I have a view rendering to the template below, which is displaying a
> number of buttons that when clicked will execute another Python function in
> the views.py. This works fine if I disable the CSRF protection but as I've
> read this is not good practice, I'm desperately trying to get the token
> included in POST request. I thought I'd finally cracked it yesterday
> having found the sample code in the documentation and indeed it appeared to
> work until first I tried my project in a different browser and then
> subsequently cleared the cache of Chrome.
>
> What am I doing wrong here?
>
> I've not included the views.py as I'm assuming the issue is in the
> JavaScript.
>
>
> index.html
> {% load static %}
>
> <head>
> <!-- <script src="{% static 'jquery-3.2.1.min.js' %}"></script> -->
> <!-- <script src="static/jquery-3.2.1.min.js"></script> -->
> <script src="
> https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js";></script
> >
> </head>
>
> <script>
> function getCookie(name) {
> var cookieValue = null;
> if (document.cookie && document.cookie !== '') {
> var cookies = document.cookie.split(';');
> for (var i = 0; i < cookies.length; i++) {
> var cookie = jQuery.trim(cookies[i]);
> // Does this cookie string begin with the name we want?
> if (cookie.substring(0, name.length + 1) === (name + '=')) {
> cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
> break;
> }
> }
> }
> return cookieValue;
> }
> var csrftoken = getCookie('csrftoken');
> $.ajaxSetup({
> beforeSend: function(xhr, settings) {
> xhr.setRequestHeader("X-CSRFToken", csrftoken);
> }
> });
> </script>
>
> <body>
> <div>
> <h1 id='hdr_1'>{{ hdr1 }}</h1>
> </div>
>
> <table>
> <tr>
> {% if my_apps_list %}
> {% for my_apps in my_apps_list %}
> <td>
> <button type="button" id="app{{ forloop.counter }}">
> <img src="{% static my_apps.app_icon %}" alt="{{ my_apps.app_name }}"
> height="132" width="192">
> </button><br><br>
> <script>
> $("#app{{ forloop.counter }}").click( function() {
> $.post("{% url 'launch' %}",
> {'appname': '{{ my_apps.app_name }}',
> 'apppath': '{{ my_apps.app_path }}',
> 'appexe': '{{ my_apps.app_exe }}',
> 'appargs': '{{ my_apps.app_args }}',
> 'appusr': '{{ my_apps.app_user }}',
> 'apppwd': '{{ my_apps.app_pwd }}',
> 'applook4': '{{ my_apps.app_wait4 }}',
> 'appdelay': '{{ my_apps.app_delay }}',
> 'appkeys': '{{ my_apps.app_keys }}'
> }, function (msg) {
> document.getElementById('appstatus').innerHTML = msg;
> });
> });
> </script>
> </td>
> {% endfor %}
> </tr>
> </table>
>
> <br>
> <p id='appstatus'></p>
>
> {% else %}
> <p>No applications are available.</p>
> {% endif %}
>
> </body>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/78149606-ec95-458a-9af8-45f2fa138f00%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
