subject:"Re\: CSRF in javascript"

Re: CSRF in javascript

2013-07-21 Thread Karl Arunachal

Ok! I will check. Thank you!


On Sun, Jul 21, 2013 at 4:27 AM, Fred Stluka  wrote:

>  Karl,
>
> You are calling render_to_response() wrong.  See the docs at:
>
> https://docs.djangoproject.com/en/dev/topics/http/shortcuts/#render-to-response
>
> Instead of:
>
>
> variables = RequestContext(request, {
> 'bookmarks':[bookmark],
> 'show_edit':True,
> 'show_tags':True
> })
> return render_to_response('bookmark_list.html', variables)
>
> try:
>
> variables = {
>
> 'bookmarks':[bookmark],
> 'show_edit':True,
> 'show_tags':True
> }
> return render_to_response('bookmark_list.html', variables,
> RequestContext(request))
>
>
> --Fred
> --
> Fred Stluka -- mailto:f...@bristle.com  --
> http://bristle.com/~fred/
> Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
> Open Source: Without walls and fences, we need no Windows or Gates.
> --
>
> On 7/20/13 3:39 PM, Karl Arunachal wrote:
>
>   I am sorry, i am really new to this things. Could you please point me
> out as to where I should add it.
>
> *js file:
>
> *function bookmark_edit() {
> var item = $(this).parent();
> var url = item.find(".title").attr("href");
> item.load("/save/?ajax=" + escape(url), null, function () {
> $("#save-form").submit(bookmark_save);
> });
> return false;
> }
>
> $(document).ready(function () {
> $("ul.bookmarks .edit").click(bookmark_edit);
> });
>
> function bookmark_save() {
> var item = $(this).parent();
> var data = {
> url: item.find("#id_url").val(),
> title: item.find("#id_title").val(),
> tags: item.find("#id_tags").val()
> };
> $.post("/save/?ajax", data, function (result) {
> if (result != "failure") {
> item.before($("li", result).get(0));
> item.remove();
> $("ul.bookmarks .edit").click(bookmark_edit);
> }
> else {
> alert("Failed to validate bookmark before saving.");
> }
> })
> return false;
> }
>
>  *save_form.html:
>
> *
> {% csrf_token %}
> {{form.as_p}}
> 
> 
>
>
>
>  *user_page.html:*
>
> {% extends "base.html" %}
> {% block external %}
> 
> {% endblock %}
> {% block title %} {{username}} {% endblock %}
> {% block head %} Bookmarks for {{username}} {% endblock %}
> {% block content %}
> {% include "bookmark_list.html" %}
> {% endblock %}
>
>
>  *views.py:*
>
> @login_required(login_url='/login/')
> def bookmark_save_page(request):
> ajax = request.GET.has_key('ajax')
> if request.method == 'POST':
> form = BookmarkSaveForm(request.POST)
> if form.is_valid():
> bookmark = _bookmark_save(request, form)
> if ajax:
> variables = RequestContext(request, {
> 'bookmarks':[bookmark],
> 'show_edit':True,
> 'show_tags':True
> })
> return render_to_response('bookmark_list.html', variables)
> else:
> return HttpResponseRedirect('/user/%s/' %
> request.user.username
> )
> else:
> if ajax:
> return HttpResponseRedirect('failure')
> elif request.GET.has_key('url'):
> url = request.GET['url']
> title = ''
> tags = ''
>
> try:
> link = Link.objects.get(url=url)
> bookmark = Bookmark.objects.get(
> link=link,
> user = request.user
> )
> title = bookmark.title
> tags = ' '.join(
> tag.name for tag in bookmark.tag_set.all()
> )
> except ObjectDoesNotExist:
> pass
> form = BookmarkSaveForm({
> 'url':url,
> 'title':title,
> 'tags':tags
> })
> else:
> form = BookmarkSaveForm()
>
> variables = RequestContext(request, {
> 'form': form
> })
> if ajax:
> return render_to_response(
> 'bookmark_save_form.html',
> variables
> )
> else:
> return render_to_response('bookmark_save.html',variables)
>
>  Please help me out. Thank you.
>
>
>  On Sun, Jul 21, 2013 at 12:53 AM, Fred Stluka  wrote:
>
>>  Karl,
>>
>> Since you already have a form, and are already submitting it
>> as an Ajax request via JavaScript, the easiest way is to just
>> put the {% csrf_token %} in the Django template for the page.
>> We do that for our Ajax forms.
>>
>> If you are not using a Django template to generate the form,
>> there are lots of other convenient

Re: CSRF in javascript

2013-07-20 Thread Fred Stluka


Karl,

You are calling render_to_response() wrong.  See the docs at:

https://docs.djangoproject.com/en/dev/topics/http/shortcuts/#render-to-response


Instead of:

variables = RequestContext(request, {
'bookmarks':[bookmark],
'show_edit':True,
'show_tags':True
})
return render_to_response('bookmark_list.html', variables)

try:

variables = {
'bookmarks':[bookmark],
'show_edit':True,
'show_tags':True
}
return render_to_response('bookmark_list.html', 
variables, RequestContext(request))


--Fred

Fred Stluka -- mailto:f...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.


On 7/20/13 3:39 PM, Karl Arunachal wrote:
I am sorry, i am really new to this things. Could you please point me 
out as to where I should add it.


_js file:

_function bookmark_edit() {
var item = $(this).parent();
var url = item.find(".title").attr("href");
item.load("/save/?ajax=" + escape(url), null, function () {
$("#save-form").submit(bookmark_save);
});
return false;
}

$(document).ready(function () {
$("ul.bookmarks .edit").click(bookmark_edit);
});

function bookmark_save() {
var item = $(this).parent();
var data = {
url: item.find("#id_url").val(),
title: item.find("#id_title").val(),
tags: item.find("#id_tags").val()
};
$.post("/save/?ajax", data, function (result) {
if (result != "failure") {
item.before($("li", result).get(0));
item.remove();
$("ul.bookmarks .edit").click(bookmark_edit);
}
else {
alert("Failed to validate bookmark before saving.");
}
})
return false;
}

_save_form.html:

_
{% csrf_token %}
{{form.as_p}}





_user_page.html:_

{% extends "base.html" %}
{% block external %}


{% endblock %}
{% block title %} {{username}} {% endblock %}
{% block head %} Bookmarks for {{username}} {% endblock %}
{% block content %}
{% include "bookmark_list.html" %}
{% endblock %}


_views.py:_

@login_required(login_url='/login/')
def bookmark_save_page(request):
ajax = request.GET.has_key('ajax')
if request.method == 'POST':
form = BookmarkSaveForm(request.POST)
if form.is_valid():
bookmark = _bookmark_save(request, form)
if ajax:
variables = RequestContext(request, {
'bookmarks':[bookmark],
'show_edit':True,
'show_tags':True
})
return render_to_response('bookmark_list.html', variables)
else:
return HttpResponseRedirect('/user/%s/' % 
request.user.username

)
else:
if ajax:
return HttpResponseRedirect('failure')
elif request.GET.has_key('url'):
url = request.GET['url']
title = ''
tags = ''

try:
link = Link.objects.get(url=url)
bookmark = Bookmark.objects.get(
link=link,
user = request.user
)
title = bookmark.title
tags = ' '.join(
tag.name  for tag in bookmark.tag_set.all()
)
except ObjectDoesNotExist:
pass
form = BookmarkSaveForm({
'url':url,
'title':title,
'tags':tags
})
else:
form = BookmarkSaveForm()

variables = RequestContext(request, {
'form': form
})
if ajax:
return render_to_response(
'bookmark_save_form.html',
variables
)
else:
return render_to_response('bookmark_save.html',variables)

Please help me out. Thank you.


On Sun, Jul 21, 2013 at 12:53 AM, Fred Stluka > wrote:


Karl,

Since you already have a form, and are already submitting it
as an Ajax request via JavaScript, the easiest way is to just
put the {% csrf_token %} in the Django template for the page.
We do that for our Ajax forms.

If you are not using a Django template to generate the form,
there are lots of other convenient options.  See:
- https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
and especially:
- https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax

Also, you can find tons of working examples by Googling:
django csrf ajax

--Fred

Re: CSRF in javascript

2013-07-20 Thread Karl Arunachal

I am sorry, i am really new to this things. Could you please point me out
as to where I should add it.

*js file:

*function bookmark_edit() {
var item = $(this).parent();
var url = item.find(".title").attr("href");
item.load("/save/?ajax=" + escape(url), null, function () {
$("#save-form").submit(bookmark_save);
});
return false;
}

$(document).ready(function () {
$("ul.bookmarks .edit").click(bookmark_edit);
});

function bookmark_save() {
var item = $(this).parent();
var data = {
url: item.find("#id_url").val(),
title: item.find("#id_title").val(),
tags: item.find("#id_tags").val()
};
$.post("/save/?ajax", data, function (result) {
if (result != "failure") {
item.before($("li", result).get(0));
item.remove();
$("ul.bookmarks .edit").click(bookmark_edit);
}
else {
alert("Failed to validate bookmark before saving.");
}
})
return false;
}

*save_form.html:

*
{% csrf_token %}
{{form.as_p}}





*user_page.html:*

{% extends "base.html" %}
{% block external %}

{% endblock %}
{% block title %} {{username}} {% endblock %}
{% block head %} Bookmarks for {{username}} {% endblock %}
{% block content %}
{% include "bookmark_list.html" %}
{% endblock %}


*views.py:*

@login_required(login_url='/login/')
def bookmark_save_page(request):
ajax = request.GET.has_key('ajax')
if request.method == 'POST':
form = BookmarkSaveForm(request.POST)
if form.is_valid():
bookmark = _bookmark_save(request, form)
if ajax:
variables = RequestContext(request, {
'bookmarks':[bookmark],
'show_edit':True,
'show_tags':True
})
return render_to_response('bookmark_list.html', variables)
else:
return HttpResponseRedirect('/user/%s/' %
request.user.username
)
else:
if ajax:
return HttpResponseRedirect('failure')
elif request.GET.has_key('url'):
url = request.GET['url']
title = ''
tags = ''

try:
link = Link.objects.get(url=url)
bookmark = Bookmark.objects.get(
link=link,
user = request.user
)
title = bookmark.title
tags = ' '.join(
tag.name for tag in bookmark.tag_set.all()
)
except ObjectDoesNotExist:
pass
form = BookmarkSaveForm({
'url':url,
'title':title,
'tags':tags
})
else:
form = BookmarkSaveForm()

variables = RequestContext(request, {
'form': form
})
if ajax:
return render_to_response(
'bookmark_save_form.html',
variables
)
else:
return render_to_response('bookmark_save.html',variables)

Please help me out. Thank you.


On Sun, Jul 21, 2013 at 12:53 AM, Fred Stluka  wrote:

>  Karl,
>
> Since you already have a form, and are already submitting it
> as an Ajax request via JavaScript, the easiest way is to just
> put the {% csrf_token %} in the Django template for the page.
> We do that for our Ajax forms.
>
> If you are not using a Django template to generate the form,
> there are lots of other convenient options.  See:
> - https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
> and especially:
> - https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
>
> Also, you can find tons of working examples by Googling:
> django csrf ajax
>
> --Fred
> --
> Fred Stluka -- mailto:f...@bristle.com  --
> http://bristle.com/~fred/
> Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
> Open Source: Without walls and fences, we need no Windows or Gates.
> --
>
> On 7/20/13 3:05 PM, Karl Arunachal wrote:
>
>   Hi,
>  In my users page, i have in place editing with ajax. And when i click
> edit, it works fine. But when i submit the form, it don't do anything. When
> i checked, this is the error:
>
> CSRF verification failed. Request aborted.
>
>  So, how do I place {% csrf_token %} in my javascript? Please advice.
>
>  Thank you.
>  --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Django users"

Re: CSRF in javascript

2013-07-20 Thread Fred Stluka


Karl,

Since you already have a form, and are already submitting it
as an Ajax request via JavaScript, the easiest way is to just
put the {% csrf_token %} in the Django template for the page.
We do that for our Ajax forms.

If you are not using a Django template to generate the form,
there are lots of other convenient options.  See:
- https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
and especially:
- https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax

Also, you can find tons of working examples by Googling:
django csrf ajax

--Fred

Fred Stluka -- mailto:f...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.


On 7/20/13 3:05 PM, Karl Arunachal wrote:

Hi,
In my users page, i have in place editing with ajax. And when i click 
edit, it works fine. But when i submit the form, it don't do anything. 
When i checked, this is the error:

|CSRF verification failed. Request aborted.|
So, how do I place {% csrf_token %} in my javascript? Please advice.

Thank you.
--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com.

To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.




--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: CSRF in javascript

Re: CSRF in javascript

Re: CSRF in javascript

Re: CSRF in javascript

4 matches

Site Navigation

Mail list logo

Footer information