Oh awesome! I didn't know that, and yes it helps a lot!
I suppose I could compliment this with the request.is_ajax() and I'm
all set.
Thanks again!
Taylor
On Dec 19, 5:47 am, Srdjan Popovic
wrote:
> Taylor,
>
> If you are worried about POST data submitted
Taylor,
If you are worried about POST data submitted through Ajax request
coming from another site, you should remember that browsers do not
allow XMLHttpRequest to be sent to other domains. Having said that,
you can still use the CSRF middleware for your non-Ajax requests. A
couple of
Yay!! Now I can sleep tonight!
So the docs say this about the CSRF middleware: "It may still be
possible to use the middleware, provided you can find some way to get
the CSRF token and ensure that is included when your form is
submitted."
Has anyone found that way, or can anyone point me in
> Each of my views use the @login_required decorator, is there anything
> else I need to do to ensure that the user is logged in and active
> (i.e. do I need to check user.is_active)?
The meaning of is_active is an application decision. It's just a field
on the model, you can do whatever you
On 18 déc, 23:20, Taylor wrote:
> I'm working on a game in Django where the majority of the interaction
> comes through clicks that run JavaScript methods that use jQuery's
> $.post() to post data to a url. To protect against cheaters and bots,
> I must ensure that every post
I'm working on a game in Django where the majority of the interaction
comes through clicks that run JavaScript methods that use jQuery's
$.post() to post data to a url. To protect against cheaters and bots,
I must ensure that every post is made by a logged-in user and protect
against cross-site
6 matches
Mail list logo