<laxmikant.gurnal...@gmail.com> wrote:
> Thanks for the response.
> I had a problem like this:
> I was trying to create a store site which can work without the Django
> framework but using Django, i.e. just a static template index.html and a
> JavaScript file, with all the stuff dynamically generated and only URLs by
> Django, so that anybody can use my index.html, which just calls my server for
> the URL to display dynamic content using the user's information.
> So for this purpose I had cookies residing in my browser and I was trying
> to create database objects using JavaScript with API URLs.
> When I studied CSRF in detail, I understood that private dynamic
> JavaScript cookies cannot be directly used to retrieve or access the
> database related to your site. Hence, my JavaScript was considered by Django
> as malicious/attack content and it threw a 403 Forbidden error. So I was
> trying to remove CSRF from my project, but failed, due to the same
> reason as you guys have told me.
> So on understanding CSRF I just removed the cookie code and just added
> parameters to the URL just before the user refreshes the page. And the whole
> thing worked. That was a great experience.
> Anyway,
> please tell me if I can have any other method to do this. Adding parameters to
> the URL is definitely not always secure.
> One more thing: I am using csrf_exempt to handle API views.
> Thanks a lot again.
> On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman <ke1g...@gmail.com> wrote:
>> Right you are.
>> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland <clell...@gmail.com> wrote:
>> > On Friday, October 5, 2012, Bill Freeman wrote:
>> >> I believe that I read somewhere that newer Djangos force the CSRF
>> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
>> > You might be thinking of the CSRF context processor, which is always
>> > enabled, no matter what is in settings. Even the most recent docs don't
>> > say anything about forcing the middleware.
>> >> You could dive into the middleware code to see how this happens, and
>> >> come up with a stable strategy to circumvent it. Or you could just
>> >> fix the necessary views and templates. There is, after all, a chance
>> >> that you will want to be able to upgrade this site without jumping
>> >> through hoops.
>> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
>> >> <laxmikant.gurnal...@gmail.com> wrote:
>> >> > Hi, Guys
>> >> > Disabling CSRF is not working.
>> >> > These are my middlewares. Removed {% csrf_token %} from all templates.
>> >> > MIDDLEWARE_CLASSES = (
>> >> >     'django.middleware.common.CommonMiddleware',
>> >> >     'django.contrib.sessions.middleware.SessionMiddleware',
>> >> >     # 'django.middleware.csrf.CsrfViewMiddleware',
>> >> >     'django.contrib.auth.middleware.AuthenticationMiddleware',
>> >> >     # 'django.contrib.messages.middleware.MessageMiddleware',
>> >> >     # 'django.middleware.csrf.CsrfResponseMiddleware',
>> >> >     # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
>> >> > )
>> >> > Also tried by writing disablecsrf.py like this:
>> >> > class DisableCSRF(object):
>> >> >     def process_request(self, request):
>> >> >         """
>> >> >         """
>> >> >         setattr(request, '_dont_enforce_csrf_checks', True)
>> >> > Thanks in Advance!!!
>> >> > Laxmikant
>> >> > --
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "Django users" group.
>> >> > To post to this group, send email to django-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > django-users+unsubscribe@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/django-users?hl=en.
>> > --
>> > Regards,
>> > Ian Clelland
>> > <clell...@gmail.com>
> --
> GlxGuru