[mezzanine-users] Re: admin_keywords_submit 403 Forbidden

Thu, 10 Dec 2015 17:23:04 -0800 

Hello, Joel

I had exactly the same problem.
When you save a page, an ajax script also saves keywords, which is POST and 
requires CSRF token. It should be set by 
$.ajaxSetup({ beforeSend: function(xhr, settings) { if 
(!csrfSafeMethod(settings.type) && sameOrigin(settings.url)) { // Send the 
token to same-origin, relative URLs only. // Send the token only if the 
method warrants CSRF protection // Using the CSRFToken value acquired 
earlier xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); } }});
});

But, I had a separate copy of Jquery (for my smart_selects app)
I think, beforeSend just set it for that copy, and not for the one used 
when ajax'ing keywords (i.e., 'regular'), or, maybe, did not set it at all;
 so, I just set my smart_selects to use the admin's copy of Jquery. It 
works now.

Hope, it helps.

On Friday, December 11, 2015 at 1:16:26 AM UTC+9, Joel Gwynn wrote:
>
> I've added autocomplete light to my admin page by making my own copy of 
> base_site.html and adding the autocomplete code, as per the quick-start 
> guide 
> https://django-autocomplete-light.readthedocs.org/en/hvad-support/quick.html
>
> So in my extrahead block I have:
>
> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"; 
> type="text/javascript"></script>
> {% include 'autocomplete_light/static.html' %}
>
> When I go to save a page, however, it doesn't save, and I get
>
> http://localhost:8000/admin_keywords_submit/ Failed to load resource: the 
> server responded with a status of 403 (FORBIDDEN)
>
> I can save my own models just fine, and I can also save users, just not 
> pages.  According to google, it may have something to do with the CSRF 
> token not being sent.  In the request, I see that it's being sent in the 
> cookie, but not in the header.
>
> I see that this has been a problem in the past.  I'm using mezzanine 4.0.1 
> and django 1.8.7
>
> TIA,
> Joel
>

-- 
Privacy Policy 
<https://intetour.com/blog/o-kompanii/zashchita-personalnykh-dannykh/> | Terms 
of Service <https://intetour.com/blog/o-kompanii/terms-of-use/> | Cancellations 
& amendments policy 
<https://intetour.com/blog/o-kompanii/cancellations-amendments-policy/>

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to