Re: CSRF token missing on models with a file/imagefield

t;> I have a project which is set up on AWS using lambda, s3, ... >>>>> >>>>> Because it is still in production we are using DjangoAdmin to manage >>>>> the data in it. >>>>> All of my models work fine when I try to save them excep

Re: CSRF token missing on models with a file/imagefield

ecember 2021 at 14:13:23 UTC Yorben Verhoest wrote: >>> >>>> I have a project which is set up on AWS using lambda, s3, ... >>>> >>>> Because it is still in production we are using DjangoAdmin to manage >>>> the data in it. >>&g

Re: CSRF token missing on models with a file/imagefield

>> All of my models work fine when I try to save them except the ones that >>> have a filefield or imagefield in them. When I save those, I get a 403 - >>> CSRF token missing error. >>> >>> The weird thing is, working on localhost, It works perfe

Re: CSRF token missing on models with a file/imagefield

ction we are using DjangoAdmin to manage the >> data in it. >> All of my models work fine when I try to save them except the ones that >> have a filefield or imagefield in them. When I save those, I get a 403 - >> CSRF token missing error. >> >> The weird thi

Re: CSRF token missing on models with a file/imagefield

e > data in it. > All of my models work fine when I try to save them except the ones that > have a filefield or imagefield in them. When I save those, I get a 403 - > CSRF token missing error. > > The weird thing is, working on localhost, It works perfectly, it even > saves the file

CSRF token missing on models with a file/imagefield

- CSRF token missing error. The weird thing is, working on localhost, It works perfectly, it even saves the files correctly into the s3 bucket. but once deployed on AWS Lambda, it throws me this error. Anybody else had this problem? I've been searching for answers this whole past week.. Thanks

Re: [API] Send csrf token and retrieve with javascript?

gon...@gmail.com> wrote: > I am building a django api to be used in a front end of another server, > how do I send the csrf token and how do I retrieve it in the front end with > javascript? > > Currently my posts.py file looks like this: > ```python > from django.http

Re: Send csrf token and retrieve with javascript?

gt; how do I send the csrf token and how do I retrieve it in the front end with > javascript? > > Currently my posts.py file looks like this: > ```python > from django.http import HttpResponse > from django.views.decorators.csrf import ensure_csrf_cookie > > @ensure_csrf_c

Send csrf token and retrieve with javascript?

I am building a django api to be used in a front end of another server, how do I send the csrf token and how do I retrieve it in the front end with javascript? Currently my posts.py file looks like this: ```python from django.http import HttpResponse from django.views.decorators.csrf import

[API] Send csrf token and retrieve with javascript?

I am building a django api to be used in a front end of another server, how do I send the csrf token and how do I retrieve it in the front end with javascript? Currently my posts.py file looks like this: ```python from django.http import HttpResponse from django.views.decorators.csrf import

Re: CSRF verification failed, 'CSRF token missing or incorrect'

> > It should be like this-> > {% csrf_token %} {{ form.as_p }} {% for field, errors in form.errors.items %} {{ errors }} {% endfor %} -- You received this message because you are subscribed to the Google Groups "Django users"

Re: CSRF verification failed, 'CSRF token missing or incorrect'

form with username and password, I get this >> error message: >> 'CSRF token missing or incorrect'. >> >> The CSRF token is not missing at least. >> Here is where I included it in my form in my .html template: >> >> In **index.html:** >> >>

Re: CSRF verification failed, 'CSRF token missing or incorrect'

can i see the error log On Mon, Jun 29, 2020 at 7:06 AM Shinster wrote: > When I try to submit a Django form with username and password, I get this > error message: > 'CSRF token missing or incorrect'. > > The CSRF token is not missing at least. > Here is where I included i

CSRF verification failed, 'CSRF token missing or incorrect'

When I try to submit a Django form with username and password, I get this error message: 'CSRF token missing or incorrect'. The CSRF token is not missing at least. Here is where I included it in my form in my .html template: In **index.html:** {% csrf_token %} {{ form.as_p

Re: CSRF token still needed today?

19 apr. 2020 kl 22:12 skrev guettli < >>> guettl...@thomas-guettler.de>: >>> >>>> iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/ >>>> ... and then I look at this page: >>>> https://scotthelme.co.uk/csrf-is-dead/ >>>>

Re: CSRF token still needed today?

The original blog post you posted seems to answer this question. Further it states "It's going to be a long time until we can consider removing traditional anti-CSRF mechanisms but adding SameSite on top of those gives us an incredibly robust defence." Like most things in security, I think this is

Re: CSRF token still needed today?

Am Sonntag, 19. April 2020 23:11:59 UTC+2 schrieb Alex Heyden: > > Django supports samesite on session cookies now, and it's on (set to lax) > by default. Whether or not that completely covers your surface risk to CSRF > attacks is a somewhat different question. > > AFAIK they can not happen.

Re: CSRF token still needed today?

ject.com/en/3.0/ref/csrf/ >> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ >> >> Is a CSRF token still needed today? >> >> All my users use a modern browser. >> >> It would be very nice if I could get rid of the CSRF token. >> >

Re: CSRF token still needed today?

t; >> >> Den sön 19 apr. 2020 kl 22:12 skrev guettli > >: >> >>> iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/ >>> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ >>> >>> Is a CSRF tok

Re: CSRF token still needed today?

gards, > > Andréas > > > Den sön 19 apr. 2020 kl 22:12 skrev guettli < > guettli.goo...@thomas-guettler.de>: > >> iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/ >> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dea

Re: CSRF token still needed today?

ge: https://docs.djangoproject.com/en/3.0/ref/csrf/ > ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ > > Is a CSRF token still needed today? > > All my users use a modern browser. > > It would be very nice if I could get rid of the CSRF token. > > Is t

Re: CSRF token still needed today?

com/en/3.0/ref/csrf/ > ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ > > Is a CSRF token still needed today? > > All my users use a modern browser. > > It would be very nice if I could get rid of the CSRF token. > > Is there a safe way to avoid CSR

Re: CSRF token still needed today?

On Sun, Apr 19, 2020 at 1:12 PM guettli wrote: > iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/ > ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ > > Is a CSRF token still needed today? > > All my users use a modern browser. &g

CSRF token still needed today?

iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/ ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ Is a CSRF token still needed today? All my users use a modern browser. It would be very nice if I could get rid of the CSRF token. Is there a safe way

Forbidden (CSRF token missing or incorrect)

Hi Django Devs, Got a problem that I don't understand what's going on or why its gone missing. Logs says: csrf.py:process_view#184: Forbidden (CSRF token missing or incorrect.) The necessary code is in there: $("document").read

Re: Forbidden (CSRF token missing or incorrect.)

Hi guys. Thank you for the answers. I forgot to tell you that I hit the server in Developement and it is http. (local) I did put these parameters in my settings.py : CSRF_COOKIE_SECURE = False SESSION_COOKIE_SECURE = False but it keeps displaying the same message : Forbidden (CSRF token

Re: Forbidden (CSRF token missing or incorrect.)

e April 2018, and it is > working just fine (I got my reasons why Django Dev). But since the last git > pull, it shows the CSRF token missing, on every page has a form with CSRF > token. > > Is there something broke or ... ? since My Django-2.2Dev before the last > "git pull" w

Re: Forbidden (CSRF token missing or incorrect.)

heck, how you access your sites, by http or https. Greetings, Andreas >> I've been using Django 2.2Dev for a while now, since April 2018, and it is >> working just fine (I got my reasons why Django Dev). But since the last git >> pull, it shows the CSRF token missing, on eve

Re: Forbidden (CSRF token missing or incorrect.)

Any Clue guys ??, Please Le mercredi 21 novembre 2018 05:38:19 UTC-8, Rabah Saadi a écrit : > > Hello, > > I've been using Django 2.2Dev for a while now, since April 2018, and it is > working just fine (I got my reasons why Django Dev). But since the last git > pull, it sh

Re: Forbidden (CSRF token missing or incorrect.)

; 200 3405 [24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/client-logos/logo5.png HTTP/1.1" 200 3051 [24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/client-logos/logo4.png HTTP/1.1" 200 5461 [24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/products/

Re: Forbidden (CSRF token missing or incorrect.)

it shows the CSRF token missing, on every page has a form with CSRF > token. > > Is there something broke or ... ? since My Django-2.2Dev before the last > "git pull" was working just fine. > > PS : Donwgrade to Django 2.1.3 stable, works fine too. > > tha

Re: Forbidden (CSRF token missing or incorrect.)

sounds like you really should post this to the django-developers user group or the project bug tracker as a regression report. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it,

Forbidden (CSRF token missing or incorrect.)

Hello, I've been using Django 2.2Dev for a while now, since April 2018, and it is working just fine (I got my reasons why Django Dev). But since the last git pull, it shows the CSRF token missing, on every page has a form with CSRF token. Is there something broke or ... ? since My Django

Re: When I click on submit button on login page, its redirecting to an random csrf token page in django

:33 PM UTC+2, Srinivas Gadi wrote: >> >> >> When I clock on the login page, it supposed to save the data in DB but >> instead URL being redirected to csrf token page. >> >> url.py >> >> from django.conf.urls import urlfrom . import viewsfrom >>

Re: When I click on submit button on login page, its redirecting to an random csrf token page in django

Do you have 'django.middleware.csrf.CsrfViewMiddleware' in your list of middlewares in your settings? On Monday, September 24, 2018 at 2:52:33 PM UTC+2, Srinivas Gadi wrote: > > > When I clock on the login page, it supposed to save the data in DB but > instead URL being redirected t

When I click on submit button on login page, its redirecting to an random csrf token page in django

When I clock on the login page, it supposed to save the data in DB but instead URL being redirected to csrf token page. url.py from django.conf.urls import urlfrom . import viewsfrom django.contrib.auth.views import login, logout urlpatterns = [ url(r'^$', views.home), url(r'home',views.home

Re: Calling api from django view error. forbidden (csrf token is missing or incorrect)

10:22:05 PM UTC+9, Yungjae Kim wrote: >> >> You will have to either get CSRF token and send it or ignore it >> completely. csrf_exempt from django.views.decorators.csrf will be helpful. >> For HttpResponse to returning a json, pass in a stringfied dict. >> >> On Monda

Re: Calling api from django view error. forbidden (csrf token is missing or incorrect)

: > > You will have to either get CSRF token and send it or ignore it > completely. csrf_exempt from django.views.decorators.csrf will be helpful. > For HttpResponse to returning a json, pass in a stringfied dict. > > On Monday, January 22, 2018 at 5:06:35 AM UTC-5, chern.

Re: Calling api from django view error. forbidden (csrf token is missing or incorrect)

You will have to either get CSRF token and send it or ignore it completely. csrf_exempt from django.views.decorators.csrf will be helpful. For HttpResponse to returning a json, pass in a stringfied dict. On Monday, January 22, 2018 at 5:06:35 AM UTC-5, chern...@gmail.com wrote: > > The

Re: Calling api from django view error. forbidden (csrf token is missing or incorrect)

...@gmail.com wrote: > > I seen alot of other solution, tried it but problem still persist. > > When i do a requests.get, it works fine but when i'm doing requests.post. > I got this forbidden (csrf token is missing or incorrect) error. > > > Here is my code > >

Re: Calling api from django view error. forbidden (csrf token is missing or incorrect)

Hi, You seem to be doing a very complicated setup. You are creating both the api viewset and another view. First of all - why? Secondly, I am not sure that the csrf token will work when chaining your posts like that. So my main issue would be, can't you just post directly to the /api/test

Calling api from django view error. forbidden (csrf token is missing or incorrect)

I seen alot of other solution, tried it but problem still persist. When i do a requests.get, it works fine but when i'm doing requests.post. I got this forbidden (csrf token is missing or incorrect) error. Here is my code *models.py* class TestPost(models.Model): # reminderId

Re: How do I pass the CSRF token when using a jQuery post

Thanks Gourav, I have it working now and I can even understand it, which is even better. For anyone interested my revised working solution is below. I'm sure it would be better practice putting the token into the headers as described in the documentation and elsewhere but I could not get it

Re: How do I pass the CSRF token when using a jQuery post

See, if this helps: https://stackoverflow.com/questions/8614947/jquery-and-django-csrf-token On Tuesday, November 7, 2017 at 10:25:47 PM UTC+5:30, Tony King wrote: > > > Hi, > > I thought I'd finally understood this but it seems I have not and I've > spent far too much

How do I pass the CSRF token when using a jQuery post

Hi, I thought I'd finally understood this but it seems I have not and I've spent far too much time trying to do it myself. I have a view rendering to the template below, which is displaying a number of buttons that when clicked will execute another Python function in the views.py. This

if user double-clicks form submit with csrf token, even with redirect on POST browser shows 403 FORBIDDEN and csrf failed message

with mod-wsgi daemon on AWS Linux instance behind load balancing proxy server. Does anyone know what is happening here? I've thought about trying DEBUG true, but I didn't want to go down a rabbit hole just yet. thanks for any help! my form has a csrf token (on 11th line down below, sorry

Re: CSRF token missing or incorrect when uploading large file through admin interface

one of the software packages > and cannot get this to succeed in any browser, all take you back to the > page I created for CSRF errors and the server logs show: > > [27/Apr/2017 15:04:38] WARNING [django.security.csrf:160] Forbidden (CSRF > token missing or incorrect.): /app_url/

CSRF token missing or incorrect when uploading large file through admin interface

/Apr/2017 15:04:38] WARNING [django.security.csrf:160] Forbidden (CSRF token missing or incorrect.): /app_url/admin/app/modelname/instanceid/change/ I've checked in the browser and both cookie and CSRF form fields are present. I'm assuming this must be some time related issue as an upload would

Aw: React.js with django-rest-framework using SessionAuthentication: How to include CSRF-Token documentation has not helped me :/

SessionAuthentication: How to include CSRF-Token documentation has not helped me :/       -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-user

React.js with django-rest-framework using SessionAuthentication: How to include CSRF-Token documentation has not helped me :/

  Hi, I am getting crazy finding out how to submit data to the django-rest-api via react.js to include a valid CSRF token by using SessionAuthentication. My template is very basic: {% extends "base.html" %} {% load staticfiles %} {% block title %} ToDo List {% endblock %} {% blo

Re: csrf token

More friendly reply: https://docs.djangoproject.com/en/1.8/ref/csrf/ On Wed, Sep 30, 2015 at 5:18 PM, Larry Martell <larry.mart...@gmail.com> wrote: > On Wed, Sep 30, 2015 at 4:15 PM, Bhanu Kathuria > <001kathuriabh...@gmail.com> wrote: > > What is the use of csrf

Re: csrf token

On Wed, Sep 30, 2015 at 4:15 PM, Bhanu Kathuria <001kathuriabh...@gmail.com> wrote: > What is the use of csrf token in forms? http://lmgtfy.com/?q=CSRF -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from

csrf token

What is the use of csrf token in forms? -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this g

Re: NOOB exposes CSRF token. Now what?

t; I'm learning Django and still very new at it. And like a newbie, I may > have made a newbie goof. > I have leaked my CSRF token. > I am building up a web site with Django which I have under revision > control with Git. I have pushed two commits of the project out to Github. >

[Off list] NOOB exposes CSRF token. Now what?

On 25/09/2015 4:03 PM, Gordon Reeder wrote: I'm learning Django and still very new at it. And like a newbie, I may have made a newbie goof. I have leaked my CSRF token. I am building up a web site with Django which I have under revision control with Git. I have pushed two commits of the proj

Re: NOOB exposes CSRF token. Now what?

On Fri, Sep 25, 2015 at 12:01 PM, Tom Evans wrote: > However, what is stored in settings is your SECRET_KEY. If you have > leaked it, you should change it immediately. This will invalidate.. Helpfully, the django documentation for SECRET_KEY details precisely what

Re: NOOB exposes CSRF token. Now what?

On Fri, Sep 25, 2015 at 7:03 AM, Gordon Reeder <greede...@gmail.com> wrote: > I'm learning Django and still very new at it. And like a newbie, I may have > made a newbie goof. > I have leaked my CSRF token. > I am building up a web site with Django which I have under revision con

Re: NOOB exposes CSRF token. Now what?

Hello, you may force-push a new commit that removes the settings file from the GitHub repo, but if you are really paranoid, you may want to change your CSRF token in production immediately. It may cause some temporary annoyance to your users, but nothing long-term. Best, Gergely 2015-09-25 8:03

NOOB exposes CSRF token. Now what?

I'm learning Django and still very new at it. And like a newbie, I may have made a newbie goof. I have leaked my CSRF token. I am building up a web site with Django which I have under revision control with Git. I have pushed two commits of the project out to Github. The commits included

Django-tastypie checking of csrf token in requests

set up our Tastypie API to do this OAuth authentication). How does Tastypie check for the csrf token, and does anybody have experience modifying the mechanism so that it does check it when users are in a session using the web application but does not require it if users are accessing

Re: CSRF token missing on file upload ajax request

ham Serour <tovm...@gmail.com>: > try addind the csrf on the http header instead of form data > > On Sun, Feb 8, 2015 at 10:40 PM, G Z <zuk...@gmail.com> wrote: > >> hello, I have an ajax request that sends a file to django, it is saying >> that the csrf token

Re: CSRF token missing on file upload ajax request

try addind the csrf on the http header instead of form data On Sun, Feb 8, 2015 at 10:40 PM, G Z <zuk...@gmail.com> wrote: > hello, I have an ajax request that sends a file to django, it is saying > that the csrf token is missing but i copied my other ajax request that are > wo

CSRF token missing on file upload ajax request

hello, I have an ajax request that sends a file to django, it is saying that the csrf token is missing but i copied my other ajax request that are working. I'm sure it has something to do with trying to pass a file to upload. I get a 403 and csrf missing return. base.html

Re: Rotate the CSRF token on every request

Hello, You could try setting a new CSRF token using javascript every time a form is submitted. Something like: // Change this selector so it doesn't apply to forms with off-site actions. $(document).on('submit', 'form[method=post]', function(){ for(var c = ''; c.length < 32;) c += Math.ran

Re: Rotate the CSRF token on every request

On 2014-11-01 08:32, Zach Borboa wrote: > Rotating the CSRF token on every request is probably not a great > idea. Tokens will become invalidated when multiple tabs are open. I've used sites that do this and it infuriates me to no limit. Unless absolutely mandated to use them for $JOB

Re: Rotate the CSRF token on every request

Rotating the CSRF token on every request is probably not a great idea. Tokens will become invalidated when multiple tabs are open. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving e

Rotate the CSRF token on every request

Hi all, I am in the process right now of working on a web portal where we want to rotate the csrf token on each request. We intend to have a new token each time for optimal security. I was hoping someone might know more about this than I do because I've run into some difficulties that were

Re: CSRF Token: is it okay if it is attached to my url when I enter my form?

; This happens when I enter my form ( a CreateView Model Form)? Is that oky > or a security risk of any kind? > It sounds like you fixed the underlying issue, but I wanted to answer the original question anyway. I think it's less than ideal to expose the CSRF token in the URL. It's t

Re: CSRF Token: is it okay if it is attached to my url when I enter my form?

Thank you Collin and Thundebabzy, you identified the problem I think. When I call the form for the first time it is called the wrong way. I will fix this! Am Freitag, 3. Oktober 2014 16:57:23 UTC+2 schrieb Collin Anderson: > > However you would have that behavior when you are submitting a

Re: CSRF Token: is it okay if it is attached to my url when I enter my form?

> > However you would have that behavior when you are submitting a form with a > GET. You should use POST to submit your form instead of GET. > Yes, use: -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and

Re: CSRF Token: is it okay if it is attached to my url when I enter my form?

I don't think its risky to have csrf token in the url since its in open view in the page's source anyway (I'm not a security expert so that with a very large bag of salt). However you would have that behavior when you are submitting a form with a GET. You should use POST to submit your form

CSRF Token: is it okay if it is attached to my url when I enter my form?

Please help: I am confused whether it is okay that it is showing in the url like this: http://netteachers.de/bewerbung/formular?csrfmiddlewaretoken=2jKsplZsQx5XpBfltUaDmgJjhRiCllxQ This happens when I enter my form ( a CreateView Model Form)? Is that oky or a security risk of any kind? --

Re: nothing i can do about "CSRF token missing or incorect" -- beginner

it suddenly got solved. i don't know how but now it's working. anyway i didn't know exactly what this CSRF do but thanks to you i now do know. thanks again.. On Tuesday, September 2, 2014 4:25:11 PM UTC+4:30, François Schiettecatte wrote: > > Did you check that the csrf_token is actually

Re: nothing i can do about "CSRF token missing or incorect" -- beginner

Did you check that the csrf_token is actually inserted into the form by looking at the HTML in the browser? François On Sep 2, 2014, at 3:57 AM, aseds wrote: > i searched and tried what i found to solve it, but... > here is my edit.html which contains my form: > >

nothing i can do about "CSRF token missing or incorect" -- beginner

i searched and tried what i found to solve it, but... here is my edit.html which contains my form: {{ page_name }} - Editing Editing {{ page_name }} {% csrf_token %} {{ content }} and here is my views.py: # ... def edit_page(request, page_name): try: page = Page.objects.get(pk

Re: Question about including CSRF token.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 21/07/14 15:57, Chen Xu escribió: > I am writing a website using Django, and getting confused about > CSRF token, I understand I need to include the csrf token on my web > page to prevent the CSRF attack. However, I am also working on a

Question about including CSRF token.

Hi Everyone, I am writing a website using Django, and getting confused about CSRF token, I understand I need to include the csrf token on my web page to prevent the CSRF attack. However, I am also working on a mobile app, which will sends request to my website API, and get response back, how

Re: Unable to add CSRF token to the header

;, > data: { > csrfmiddlewaretoken: '{{ csrf_token }}' > }, > success: function( json) { > }); > > It was suggested to me that I should follow this and make sure that > csrf token is present in the header.

Unable to add CSRF token to the header

"GET", withCredentials: true, async: false, url: "/api/v1/myurl/", data: { csrfmiddlewaretoken: '{{ csrf_token }}' }, success: function( json) { }); It was suggested to me that I should follow this

Re: CSRF Token Help

in the correct order). You can't have a null value in the csrf token at least not if you are using the csrf token support on your forms. All responses should have the csrf token set. Regards, Andréas 2014-06-16 2:49 GMT+02:00 Jesse Warden <jesse.war...@gmail.com>: > How does the cookie get set

Re: CSRF Token Help

where I saw it, but I found that the csrf token is added > as a cookie to the response, so it is always present on each response. In > my code I have an event handler (I'm using jquery to post) that looks like > the following: > > $(document).ajaxSend(funct

Re: CSRF Token Help

Hi Jesse, I can't remember where I saw it, but I found that the csrf token is added as a cookie to the response, so it is always present on each response. In my code I have an event handler (I'm using jquery to post) that looks like the following: $(document).ajaxSend(function (event, jqxhr

Re: CSRF Token Help

Yes, I've added the token in the cookie. Yes, I've added the cookie in the form post variable. Yes, I've added as a GET post variable. Yes, I've tried adding as a POST variable. Yes, I've set it to what the server sends back. Yes, I've set it to what the server-side sends back as a Cookie. ...

Re: CSRF Token Help

Since you've been trying for so long, may be a obvious answer, but have you tried with this? https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax Renato Oliveira @_renatooliveira Labcodes - www.labcodes.com.br On Sun, Jun 15, 2014 at 11:38 AM,

CSRF Token Help

I've read the stack overflow posts, blog articles on how CSRF works, etc, but still failing to get this to work in both JavaScript and Dart. No matter what I try, I keep getting a 403 for my login method. I've attempted various Apache/Virtual Host programs for Mac to run a local domain in hopes

Re: Opinion needed for a BookMarker project - Regarding CSRF token

e one of them. I propose making two views, one which is csrf exempt and one which has full csrf protection. The csrf exempt view receives the data sent by the bookmarklet, and uses it as the initial data for a form. It then displays that form to the user, showing what will be saved in to the da

Re: Opinion needed for a BookMarker project - Regarding CSRF token

uests like the ones you are trying to > make. There is no protection that can allow requests like yours, and > disallow the naughty ones, because the naughty ones look just like the > allowed ones. > > This is the purpose of the CSRF token, it prevents requests that are > like form

Re: Opinion needed for a BookMarker project - Regarding CSRF token

signed to stop requests like the ones you are trying to make. There is no protection that can allow requests like yours, and disallow the naughty ones, because the naughty ones look just like the allowed ones. This is the purpose of the CSRF token, it prevents requests that are like form submission

Re: Opinion needed for a BookMarker project - Regarding CSRF token

Also couldn't it be like a webservice? I mean in Django I create a view which would require some authentication and the JS can ask for passwords? Is there something I am completely missing in here? Just floating an idea becuase turning off security doesn't seem like a good design. The options

Re: Opinion needed for a BookMarker project - Regarding CSRF token

I understand that it would leave the view open to CSRF attack. That is the reason why I asked about "Also when you are doing Django projects and need to deal with JS then what do you do? I mean is there an alternative for JS in Django? ". I mean that whether there is a way to properly integrate

Re: Opinion needed for a BookMarker project - Regarding CSRF token

On Mon, May 12, 2014 at 9:08 PM, Tom Evans wrote: > On Mon, May 12, 2014 at 9:01 PM, Aseem Bansal wrote: >> Hi Sanjay >> >> I think you misunderstood a bit. The JS that I am talking about will not be >> inside the web pages of the project. The JS

Re: Opinion needed for a BookMarker project - Regarding CSRF token

the URL. > > Here a problem due to CSRF token would occur becuase I can hard-code the > CSRF token in the JS for one environment but as I am not aware how the > token is generated it would be difficult to dynamically generate the token > in the JS for a different environmen

Re: Opinion needed for a BookMarker project - Regarding CSRF token

On Mon, May 12, 2014 at 9:01 PM, Aseem Bansal wrote: > Hi Sanjay > > I think you misunderstood a bit. The JS that I am talking about will not be > inside the web pages of the project. The JS is supposed to be used as a > Bookmarklet in the web browser. I intend to use the

Re: Opinion needed for a BookMarker project - Regarding CSRF token

. The app will then store the URL. Here a problem due to CSRF token would occur becuase I can hard-code the CSRF token in the JS for one environment but as I am not aware how the token is generated it would be difficult to dynamically generate the token in the JS for a different environment

Re: Opinion needed for a BookMarker project - Regarding CSRF token

nd a JavaScript for sending the URLs to the app. > There is a problem of CSRF token in Django. I was able to do a dummy POST > request by sending the CSRF token hard-coded as a parameter. But I do not > understand how the CSRF tokens are generated. Can I just hard-code them? I > don't think

Opinion needed for a BookMarker project - Regarding CSRF token

I am new to Django and am learning it baically because I wanted to create a BookMarker project. A project for managing bookmarks. For this I am going to create a UI through Django and a JavaScript for sending the URLs to the app. There is a problem of CSRF token in Django. I was able to do

Re: Using the CSRF token with two views

2, Robert Steckroth wrote: >>> >>>> The >>>> problem is that the contact form >>>> is provided by one view and processed by another. This, of course >>>> raises a CSRF token error in the posting >>>> submit. >>

Re: Using the CSRF token with two views

On Sun, Sep 2, 2012 at 1:16 AM, Melvyn Sopacua <m.r.sopa...@gmail.com> wrote: >> On 2-9-2012 0:52, Robert Steckroth wrote: >> >>> The >>> problem is that the contact form >>> is provided by one view and processed by another. This, of course >>>

Re: Using the CSRF token with two views

oth wrote: > >> The >> problem is that the contact form >> is provided by one view and processed by another. This, of course >> raises a CSRF token error in the posting >> submit. > I don't see the logic of this, unless by view you mean request. This is > also a bit confusin

Re: Using the CSRF token with two views

On 2-9-2012 0:52, Robert Steckroth wrote: > The > problem is that the contact form > is provided by one view and processed by another. This, of course > raises a CSRF token error in the posting > submit. I don't see the logic of this, unless by view you mean request. This is also

  1   2   >