Re: Security in AJAX POSTing

2008-12-19 Thread Taylor
Oh awesome! I didn't know that, and yes it helps a lot! I suppose I could complement this with the request.is_ajax() and I'm all set. Thanks again!

Taylor

On Dec 19, 5:47 am, Srdjan Popovic wrote:
> Taylor,
>
> If you are worried about POST data submitted

Re: Security in AJAX POSTing

2008-12-19 Thread Srdjan Popovic
Taylor, If you are worried about POST data submitted through an Ajax request coming from another site, you should remember that browsers do not allow XMLHttpRequest to be sent to other domains. Having said that, you can still use the CSRF middleware for your non-Ajax requests. A couple of

Re: Security in AJAX POSTing

2008-12-18 Thread Taylor
Yay!! Now I can sleep tonight! So the docs say this about the CSRF middleware: "It may still be possible to use the middleware, provided you can find some way to get the CSRF token and ensure that is included when your form is submitted." Has anyone found that way, or can anyone point me in
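One way to get the token into an Ajax POST, as an added example written for this page (not code from the thread's posters or from Django itself): browser-side JavaScript that reads the CSRF token the server issued, refuses to send if it is absent, and includes it both as a form field and as a request header on the XMLHttpRequest POST. The cookie name `csrftoken`, the form field `csrfmiddlewaretoken`, the header `X-CSRFToken` and the endpoint `/game/move/` are assumptions about how the server is configured; if the server renders the token as a hidden form field instead of a cookie, replace `readCookie` with reading that field. The `X-Requested-With: XMLHttpRequest` header is what `request.is_ajax()` inspects, and jQuery sets it automatically; since any HTTP client can set that header, it classifies the request and is not a security check, which is why the token and the login requirement still do the real work.

```javascript
// Added example for this thread (not Django's code, not the posters' code).
// Assumed server conventions, all placeholders: the token is readable from a
// cookie named "csrftoken", the server accepts it as a form field named
// "csrfmiddlewaretoken" and as an "X-CSRFToken" header, and the game endpoint
// is "/game/move/".
const CSRF_COOKIE = 'csrftoken';
const CSRF_FIELD = 'csrfmiddlewaretoken';
const CSRF_HEADER = 'X-CSRFToken';

// Return the value of `name` from a raw "k=v; k2=v2" cookie string, or null.
function readCookie(name, cookieString) {
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf('=');
    if (eq === -1) continue;
    if (trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Serialise a flat object as application/x-www-form-urlencoded.
function encodeForm(params) {
  return Object.keys(params)
    .map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(params[k]))
    .join('&');
}

// Describe the POST that should go out: method, URL, headers and body.
// Throws if no token is available: a token-less POST is exactly what the
// middleware exists to reject, so there is no point sending it.
function buildCsrfPost(url, params, cookieString) {
  const token = readCookie(CSRF_COOKIE, cookieString);
  if (!token) {
    throw new Error('no CSRF token available; not sending POST to ' + url);
  }
  const body = Object.assign({}, params);
  body[CSRF_FIELD] = token;
  return {
    method: 'POST',
    url: url,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      // request.is_ajax() looks for this header; jQuery sets it automatically.
      // Any client can set it too, so it classifies the request rather than
      // authenticating it.
      'X-Requested-With': 'XMLHttpRequest',
      [CSRF_HEADER]: token,
    },
    body: encodeForm(body),
  };
}

// Send the POST with an XMLHttpRequest. `xhrFactory` returns the XHR object
// (in a browser: () => new XMLHttpRequest()); `cookieString` defaults to
// document.cookie when running in a page.
function sendCsrfPost(url, params, xhrFactory, cookieString) {
  if (cookieString === undefined) cookieString = document.cookie;
  const req = buildCsrfPost(url, params, cookieString);
  const xhr = xhrFactory();
  xhr.open(req.method, req.url, true);
  Object.keys(req.headers).forEach((h) => xhr.setRequestHeader(h, req.headers[h]));
  xhr.send(req.body);
  return req;
}
```

In the page, `sendCsrfPost('/game/move/', { x: 1, y: 2 }, () => new XMLHttpRequest())` replaces the bare `$.post()`; the `xhrFactory` and `cookieString` parameters exist so the same function can be exercised outside a browser. The server side still has to be protected with `@login_required` and the CSRF middleware; this only makes sure legitimate requests carry what those checks need.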

Re: Security in AJAX POSTing

2008-12-18 Thread anb
> Each of my views uses the @login_required decorator, is there anything
> else I need to do to ensure that the user is logged in and active
> (i.e. do I need to check user.is_active)?

The meaning of is_active is an application decision. It's just a field on the model, you can do whatever you

Re: Security in AJAX POSTing

2008-12-18 Thread bruno desthuilliers
On 18 Dec, 23:20, Taylor wrote:
> I'm working on a game in Django where the majority of the interaction
> comes through clicks that run JavaScript methods that use jQuery's
> $.post() to post data to a URL. To protect against cheaters and bots,
> I must ensure that every post

Security in AJAX POSTing

2008-12-18 Thread Taylor
I'm working on a game in Django where the majority of the interaction comes through clicks that run JavaScript methods that use jQuery's $.post() to post data to a URL. To protect against cheaters and bots, I must ensure that every post is made by a logged-in user and protect against cross-site