Conflict between django csrf and credit card clearing?

Joakim Hove

Mar 17, 2010, 3:37:59 PM
to Django users
Hello,

I am using Django to write a sort of web-shop site. For reading credit
card information and reserving the money, we use a third-party company
called DIBS. The flow of the application is roughly like this:

1. The customer peeks around at our site and selects product(s) to buy.

2. When the customer is ready to commit she is redirected to the site of
   the third party. The URL redirecting there contains some information
   about the purchase, i.e. the amount, an order id in our system and
   so on. In addition the URL contains three extra URLs which the DIBS
   system will redirect to, depending on the outcome of the transaction.

3. When a transaction has completed successfully DIBS will redirect the
   customer to a URL like this on my site:

   http://what.ever/DIBS/accept/ddddd/

   The URL mapping of this is just to a simple view function displaying a
   "Thank you for your purchase blablabla" text. Now this page is not
   rendered, instead I get 403 and CSRF verification failure.
   Now the view I would like to render in this case is not a form, so I do
   not really understand how the CSRF machinery of Django comes into play?

Summary of redirections:

Form at my site --> DIBS --> simple view at my site.

Any tips?


Joakim

pjrh...@gmail.com

Mar 17, 2010, 5:11:42 PM
to Django users
On Mar 17, 7:37 pm, Joakim Hove <joakim.h...@gmail.com> wrote:
> Summary of redirections:
>
>       Form at my site --> DIBS --> simple view at my site.
>
> Any tips?
>
> Joakim

My best guess is that the user must be getting posted back to that
address when they click a button on the external website.

You can probably just add an exception:

http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#exceptions

Peter

Joakim Hove

Mar 17, 2010, 7:08:18 PM
to Django users
Hello Peter,

thank you very much for your answer. The exception did the job :-)

Joakim