AJAX + CSRF only works on Chrome, but not on Firefox and Safari.


Kyu

Nov 17, 2011, 4:40:03 AM
to Django users
Hi, I'm doing very basic AJAX operation using Django 1.3.1.

1) First of all, I copied the AJAX + CSRF snippet
(https://docs.djangoproject.com/en/1.3/ref/contrib/csrf/#ajax) to my *.js file
loaded by every HTML page.

2) HTML defines the subject, email, and message fields, but there's no
form.

3) When the user clicks the submit button, jQuery.post(...) is
triggered.

4) My ajax-view.py that receives the request from AJAX checks whether
three inputs are valid and just sends {'success' : 'True'} json.


At this point, a 403 error occurs in Safari and Firefox for some reason
while it works fine in Chrome.
What's the problem with my approach? Thanks.


Here's my views

    from django.http import HttpResponse
    from django.utils import simplejson
    # ContactForm is imported from the poster's own forms module (not shown).

    def sent_mail_view(request):
        # ContactForm extends forms.Model and Contact is Model.
        form = ContactForm(request.POST)
        if form.is_valid():
            form.save()
            response = simplejson.dumps({'success': 'True'})
        else:
            response = simplejson.dumps({'success': 'False'})

        return HttpResponse(response,
                            content_type='application/javascript; charset=utf-8')

and Ajax post call:
    jQuery.post("/stores/sendmail/", emailinfo,
        function(response) {
            if (response.success == "True") { ... }
        }, "json");


Jesse Heitler

Nov 17, 2011, 9:09:33 AM
to Django users
This is a long shot, but do you happen to have an underscore in your
domain name? Some browsers choke on that character and refuse to
return cookies.

-Jesse

Tom Evans

Nov 17, 2011, 9:10:47 AM
to django...@googlegroups.com

The JS snippet only works if your browser accepts the cookies it is
sent. Are you serving the site from a different/illegal domain name
than your cookies are being set with?

Cheers

Tom

Kyu

Nov 17, 2011, 1:09:09 PM
to Django users
@Jesse Heitler:
I don't use an underscore in my domain name.

@Tom Evans:
I'm just running the website locally (localhost:8000) using
"runserver" command.
I set the Firefox preference to allow 127.0.0.1 cookies, but it still
gives a 403 error.

Thanks,
Kyu



Jesse Heitler

Nov 20, 2011, 1:42:00 PM
to Django users
When I was debugging a similar problem, the most helpful test I ran was
to isolate the problem to either the client or the browser by
configuring the server logs to show if the cookies were actually sent. I
did this by reconfiguring my Apache logs (I think), but I'm not sure
how to do that with the runserver. Maybe try testing on a more
full-featured server.

> I'm just running the website locally (localhost:8000) using
> "runserver" command.
> I set the Firefox preference to allow 127.0.0.1 cookies, but it still
> gives a 403 error.

And, an untested guess... perhaps Firefox does not consider 127.0.0.1
and localhost to be the same for the permission you set.

Good luck.

-Jesse
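
Tom Evans' point that the snippet depends on the browser holding the cookie, and Jesse Heitler's suggestion to check whether the cookie is actually there, as an added JavaScript example (not code from the thread or from the Django docs). `csrftoken` and `X-CSRFToken` are Django's default cookie and header names; the function names and the sample cookie strings are constructed for illustration.

```javascript
// Parse one cookie out of a document.cookie-style string ("a=1; b=2").
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const pair = part.trim();
    if (pair.startsWith(name + "=")) {
      return decodeURIComponent(pair.slice(name.length + 1));
    }
  }
  return null;
}

// GET, HEAD, OPTIONS and TRACE are not CSRF-checked by Django.
function isSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Only same-origin requests get the token, so it is never sent to another site.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Decide what an ajaxSend-style hook would attach to one request, and why.
function csrfDecision(method, url, pageOrigin, cookieString) {
  if (isSafeMethod(method)) return { headers: {}, reason: "safe method, no token needed" };
  if (!isSameOrigin(url, pageOrigin)) return { headers: {}, reason: "cross-origin, token withheld" };
  const token = getCookie(cookieString, "csrftoken");
  if (!token) return { headers: {}, reason: "no csrftoken cookie visible to script, expect 403" };
  return { headers: { "X-CSRFToken": token }, reason: "token attached" };
}

// Constructed sample inputs (not captured from the thread).
const samples = [
  ["POST", "/stores/sendmail/", "http://localhost:8000", "sessionid=abc; csrftoken=constructedtoken123"],
  ["POST", "/stores/sendmail/", "http://localhost:8000", ""],
  ["POST", "/stores/sendmail/", "http://127.0.0.1:8000", "sessionid=abc"],
  ["POST", "http://other.example/x", "http://localhost:8000", "csrftoken=constructedtoken123"],
];
for (const [method, url, origin, cookies] of samples) {
  console.log(method, url, "from", origin, "->", csrfDecision(method, url, origin, cookies).reason);
}
```

In a browser, pass `document.cookie` and `location.origin` as the last two arguments from the page that issues the POST to see which case applies.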
