Re: POSTing data to a django view from a stand alone script with CSRF

On 12/08/2014 09:51 AM, Larry Martell wrote: > Right, but anyone can write a script to bypass the CSRF protection. I > was surprised that it would be so easy to do that. I guess that's not > what CSRF was designed to protect against. Right. There's no such thing as a CSRF attack via script. The

Re: POSTing data to a django view from a stand alone script with CSRF

On Mon, Dec 8, 2014 at 11:44 AM, Carl Meyer wrote: > Hi Larry, > > On 12/08/2014 07:14 AM, Larry Martell wrote: >> On Sat, Dec 6, 2014 at 1:41 AM, James Schneider >> wrote: >>> Check out Collin's email from earlier, it has an example using curl but you

Re: POSTing data to a django view from a stand alone script with CSRF

Hi Larry, On 12/08/2014 07:14 AM, Larry Martell wrote: > On Sat, Dec 6, 2014 at 1:41 AM, James Schneider > wrote: >> Check out Collin's email from earlier, it has an example using curl but you >> should be able to adapt your web request with the cookie and POST values

Re: POSTing data to a django view from a stand alone script with CSRF

On Sat, Dec 6, 2014 at 1:41 AM, James Schneider wrote: > Check out Collin's email from earlier, it has an example using curl but you > should be able to adapt your web request with the cookie and POST values via > the python script. The cookie and POST values for the CSRF

Re: POSTing data to a django view from a stand alone script with CSRF

Hallöchen! Larry Martell writes: > I have a django view that normally receives POSTed data from a web > page. That all works fine. But now we also want to call that view from > a python script. That is failing with a 403 because of a CSRF > mismatch. I can disable CSRF on my view and then it

Re: POSTing data to a django view from a stand alone script with CSRF

Hi Larry, On 12/05/2014 09:16 PM, Larry Martell wrote: > I have a django view that normally receives POSTed data from a web > page. That all works fine. But now we also want to call that view from > a python script. That is failing with a 403 because of a CSRF > mismatch. I can disable CSRF on my

Re: POSTing data to a django view from a stand alone script with CSRF

Check out Collin's email from earlier, it has an example using curl but you should be able to adapt your web request with the cookie and POST values via the python script. The cookie and POST values for the CSRF token can be anything, they just need to match.