You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to django...@googlegroups.com
I am completely new to AJAX and I was wondering. I have a a view that ajax is posting to but in order for the request to be processed in the view correctly i have to add csrf_exempt decorator to that view, but is that safe? I named the url for that view with a name that would not be guessable, but still ?
Thanks!
Martin!
Collin Anderson
unread,
Sep 1, 2014, 1:19:24 PM9/1/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to django...@googlegroups.com
If the url name is not guessable (for example, it includes a secure random string, like django's forgot password url), that should provide enough security.
Though you can always pass in the csrf token using javascript: