WebFaction

Hey all,

I'm experiencing a problem with my AJAX Django site. I'm trying to fetch data from the server through a POST request. The set-up is fairly simple: I have a static page (rotterdam.ndkv.nl) that loads a Google Maps map and requests some data from my Django app through jQuery's $.post(). To protect from CSRF attacks, Django sets a cookie on the client, the value of which it expects to get at every request. The Django docs explain how to correctly deal with this protection mechanism but they focus on templated pages. My view returns a simple HttpResponse and I set the cookie like so:

https://github.com/ndkv/citygml2scenejs/blob/master/views.py

I then fetch the value of csrftoken as described in the Django docs (https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax).

The problem however is that this cookie is never set (not in Chrome (there is nothing in the Resources tab) or Firefox), hence the CSRF check fails and I get a 403 (FORBIDDEN) response. The whole thing works fine on my local server.

I looked at the headers and saw that the 403 response is served by nginx. I was expecting it to be served by Django (unless of course nginx takes over and delivers the static 403 response). This means that I cannot check what the value, if any, of Set-Cookie is. My uneducated hunch is that the nginx/Django configuration is throwing me a curve ball. I conclude this based on the fact that the app works on my local machine where it is served by manage.py runserver.

Does anybody have any idea what might be going on? Any pointers on how to get to the headers as returned by Django are also appreciated.

Cheers, Simeon

asked 29 Mar '12, 16:37

ndkv


Alright, my bad. Looking through my code I saw that I used a different mechanism for getting the cookie value than the one stated in the Django docs. Instead of

$(document).ajaxSend(function(event, xhr, settings) {
    function getCookie(name) {
        var cookieValue = null ...

I was doing

$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        function getCookie(name) {
            var cookieValue = null ...

which somehow fails to either fetch the cookie or set the headers.

Everything works now.


answered 30 Mar '12, 15:26

ndkv

question asked: 29 Mar '12, 16:37

question was seen: 6,442 times

last updated: 30 Mar '12, 15:26
