GET/POST
egilchri
mod_wsgi,and Django, and I've hit what is probably a common
roadblock.
When I use "curl" to invoke a url using GET, it works just fine. But
when I invoke it using POST, I get a 403 error:
curl http://web1.tunnlr.com:xxxxx/wsgi-scripts/index.json # works
fine, creates JSON
curl -X POST http://web1.tunnlr.com:xxxx/wsgi-scripts/index.json #
produces a 403 error
I need to get this working because I am constructing an app that
returns JSON. However, this app is setup to invoked by an app engine
that will be POSTing to it. Right now, I see from that app engines
logs that it is getting back a 404, just like my "curl" test.
Can someone point me in the right direction? Thanks,
Gabriel Gunderson
> I am really new to Django. I've set up an Apache server with
> mod_wsgi,and Django, and I've hit what is probably a common
> roadblock.
Welcome. Hope you enjoy your time spent with Django!
> When I use "curl" to invoke a url using GET, it works just fine. But
> when I invoke it using POST, I get a 403 error:
>
> curl http://web1.tunnlr.com:xxxxx/wsgi-scripts/index.json # works
> fine, creates JSON
> curl -X POST http://web1.tunnlr.com:xxxx/wsgi-scripts/index.json #
> produces a 403 error
403 is 'Forbidden' and I think it might have something to do with this:
http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
It's a good thing :) It's trying to make the Internet a safer place
--starting with your site.
> I need to get this working because I am constructing an app that
> returns JSON. However, this app is setup to invoked by an app engine
> that will be POSTing to it. Right now, I see from that app engines
> logs that it is getting back a 404, just like my "curl" test.
Now, before you said 403... Did you really mean 404? That would
change my reply.
Best,
Gabe
AJ
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
--
AJ
Amit Sethi
<form something method='post'> {% csrf_token %}
--
A-M-I-T S|S
egilchri
like csrf_exempt().
The reason is, I'm working with an API (It's for a voice application),
and the API works as follows.
You create an app, that among other things, is able to take apart the
"session" data that is initially posted
to it.
The flow of control goes like this. :
-User calls a certain number on the phone
- That number, being associated with your app, calls a POST request to
be issued to your app
- Your app can optionally unpack that session data, if it needs piecs
of it
So you see, the POST is coming from outside of my control. It is
coming from the app engine, which is a
third party known and trusted by me. I don't think I can impose any
restrictions on them, such as including a special token or cookie that
I designate.
But I guess that raises the issue of how am I protecting my app from
being maliiciously attacked by someone other than the third party app
engine I trust? Hmm, food for thought.
Ted Gilchrist
On May 23, 10:49 pm, Gabriel Gunderson <g...@gundy.org> wrote:
> > I am really new to Django. I've set up an Apache server with
> > mod_wsgi,and Django, and I've hit what is probably a common
> > roadblock.
>
> Welcome. Hope you enjoy your time spent with Django!
>
> > When I use "curl" to invoke a url using GET, it works just fine. But
> > when I invoke it using POST, I get a 403 error:
>