Posted by eXt

Hi!
I'm going to add a board to my existing Django site and I've just encountered the following problem: when you have the CSRF protection middleware enabled, requests sent after you click "preview" (when adding a new post) are blocked. This is because the request lacks some headers. I've added:

http.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
http.setRequestHeader('X-Requested-With', 'XMLHttpRequest');

to the showResponseInElement function to have things working. If you think that this is a good solution -> patch is attached.

Posted by Herbert Poul

hi,
good to hear that you are still working with SCT :) thanks for the patch, i've committed it. seems good to me (although i don't know exactly how the CSRF middleware works)

Hey, we have Signatures !!! Great, isn't it ? ;)

Posted by eXt

Heh. Nice to hear that. I'm still with SCT because there is no better board application in Django :D
The CSRF middleware checks if there is an X-Requested-With header in the request. If there is, the middleware assumes that this is an AJAX request and it is accepted; otherwise an exception is thrown. The X-Requested-With header is normally used when you do AJAX calls using jQuery, YUI etc. Because SCT uses a plain xmlhttp object we need to have the X-Requested-With header added manually. The other line of my patch is something that should be added for "POST" requests (but don't ask me for details - I've just read about it somewhere).
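
Added example, not part of the thread or of SCT's code: a preview POST that sets the two headers from the patch and, going beyond the thread, also sends the CSRF token in an X-CSRFToken header, since Django 1.2.5 and later no longer exempt requests merely because X-Requested-With is present. The names sendPreview, readCookie and encodeForm are hypothetical; csrftoken is Django's default CSRF cookie name.

```javascript
// Added illustration; sendPreview, readCookie and encodeForm are hypothetical
// names, not SCT's actual showResponseInElement implementation.

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Encode form fields the way the Content-Type header below promises.
function encodeForm(fields) {
  return Object.keys(fields)
    .map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(fields[k]))
    .join('&');
}

// xhr: an XMLHttpRequest (or compatible object); cookieString: document.cookie.
function sendPreview(xhr, url, fields, cookieString) {
  xhr.open('POST', url, true);
  // The two headers from the patch discussed in the thread.
  xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
  // Django 1.2.5 and later do not exempt AJAX requests from the CSRF check;
  // they expect the token itself, which this header carries.
  const token = readCookie(cookieString || '', 'csrftoken');
  if (token !== null) xhr.setRequestHeader('X-CSRFToken', token);
  const body = encodeForm(fields);
  xhr.send(body);
  return body;
}
```

In a browser this would be called with a new XMLHttpRequest and document.cookie; any object with open, setRequestHeader and send methods works for testing.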