Django and AJAX jQuery

Martin Spasov

Sep 1, 2014, 12:46:59 PM
to django...@googlegroups.com
I am completely new to AJAX and I was wondering. I have a view that AJAX is posting to, but in order for the request to be processed in the view correctly I have to add the csrf_exempt decorator to that view, but is that safe? I named the URL for that view with a name that would not be guessable, but still?

Thanks!
Martin!

Collin Anderson

Sep 1, 2014, 1:19:24 PM
to django...@googlegroups.com
If the URL name is not guessable (for example, it includes a secure random string, like Django's forgot password URL), that should provide enough security.

Though you can always pass in the csrf token using javascript:
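
An added example, not part of Collin's message or the original thread: one way to send Django's CSRF token with jQuery AJAX requests so the view can keep CSRF protection instead of using csrf_exempt. It assumes Django's default cookie name `csrftoken` and header `X-CSRFToken`, and that the CSRF cookie is readable by JavaScript; the helper names (`getCookie`, `csrfSafeMethod`, `sameOrigin`, `csrfHeaderFor`) are illustrative.

```javascript
// Added example: names other than Django's defaults are illustrative.
const CSRF_COOKIE = 'csrftoken';   // Django's default CSRF_COOKIE_NAME
const CSRF_HEADER = 'X-CSRFToken'; // header Django's CsrfViewMiddleware checks

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// GET, HEAD, OPTIONS and TRACE are not CSRF-checked by Django.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method || 'GET');
}

// True only when the request target has the same origin as the page,
// so the token is never sent to a third-party host.
function sameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable URL: do not attach the token
  }
}

// Returns {name, value} for the header to add, or null when none is needed.
function csrfHeaderFor(method, url, pageUrl, cookieString) {
  if (csrfSafeMethod(method) || !sameOrigin(url, pageUrl)) return null;
  const token = getCookie(cookieString, CSRF_COOKIE);
  return token ? { name: CSRF_HEADER, value: token } : null;
}

// Browser wiring: runs only where jQuery and a DOM exist.
if (typeof jQuery !== 'undefined' && typeof document !== 'undefined') {
  jQuery.ajaxSetup({
    beforeSend(xhr, settings) {
      const h = csrfHeaderFor(settings.type, settings.url,
                              window.location.href, document.cookie);
      if (h) xhr.setRequestHeader(h.name, h.value);
    },
  });
}
```

Load this once after jQuery; every later same-origin `$.post` or `$.ajax` call with an unsafe method then carries the token.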

Martin Spasov

Sep 1, 2014, 1:29:08 PM
to django...@googlegroups.com
Perfect, thank you