Re: AJAX + CSRF only works on Chrome, but not on Firefox and Safari.
When I was debugging a similar problem the most helpful test I ran was
to isolate the problem to either the client or the browser by
configuring the server logs to show if the cookies were actually sent. I
did this by reconfiguring my Apache logs (I think), but I'm not sure
how to do that with the runserver. Maybe try testing on a more
full-featured server.
> I'm just running the website locally (localhost:8000) using
> "runserver" command.
> I set the Firefox preference to allow 127.0.0.1 cookies, but it still
> gives a 403 error.
And, an untested guess... perhaps Firefox does not consider 127.0.0.1
and localhost to be the same for the permission you set.
Good luck.
-Jesse
On Nov 17, 6:09 pm, Kyu <kyus...@berkeley.edu> wrote:
> @Jesse Heitler:
> I don't use an underscore in my domain name.
>
> @Tom Evans:
> I'm just running the website locally (localhost:8000) using
> "runserver" command.
> I set the Firefox preference to allow 127.0.0.1 cookies, but it still
> gives a 403 error.
>
> Thanks,
> Kyu
>
> On Nov 17, 6:10 am, Tom Evans <tevans...@googlemail.com> wrote:
>
> > On Thu, Nov 17, 2011 at 9:40 AM, Kyu <kyus...@berkeley.edu> wrote:
> > > Hi, I'm doing very basic AJAX operation using Django 1.3.1.
>
> > > 1) First of all, I copied the AJAX + CSRF snippet
> > > (https://docs.djangoproject.com/en/1.3/ref/contrib/csrf/#ajax) to my
> > > *.js file loaded by every HTML page.
>
> > > 2) HTML defines the subject, email, and message fields, but there's no
> > > form.
>
> > > 3) When the user clicks the submit button, jQuery.post(...) is
> > > triggered.
>
> > > 4) My ajax-view.py that receives the request from AJAX checks whether
> > > three inputs are valid and just sends {'success' : 'True'} json.
>
> > > At this point, 403 error occurs in Safari and Firefox for some reason
> > > while it works fine in Chrome.
> > > What's the problem with my approach? Thanks.
>
> > > Here's my views
>
> > > def sent_mail_view(request):
> > >     # ContactForm extends forms.Model and Contact is Model.
> > >     form = ContactForm(request.POST)
> > >     if form.is_valid():
> > >         form.save()
> > >         response = simplejson.dumps({'success': 'True'})
> > >     else:
> > >         response = simplejson.dumps({'success': 'False'})
>
> > >     return HttpResponse(response,
> > >                         content_type='application/javascript; charset=utf-8')
>
> > > and Ajax post call:
> > > jQuery.post("/stores/sendmail/", emailinfo,
> > >     function(response) {
> > >         if (response.success == "True") { ... }
> > >     }, "json");
>
> > The JS snippet only works if your browser accepts the cookies it is
> > sent. Are you serving the site from a different/illegal domain name
> > than your cookies are being set with?
>
> > Cheers
>
> > Tom
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
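
One way to run the test described at the top of this message under runserver, as an added example (not code from the thread or from Django): a small old-style middleware that logs, for each POST, whether the CSRF cookie and the X-CSRFToken header arrived, without logging their values. The names `diagnose_csrf`, `CsrfDebugMiddleware` and `FakeRequest` are hypothetical, and it assumes Django's default cookie name `csrftoken`.

```python
import logging

log = logging.getLogger("csrf_debug")

CSRF_COOKIE = "csrftoken"         # assumption: default CSRF_COOKIE_NAME
CSRF_HEADER = "HTTP_X_CSRFTOKEN"  # X-CSRFToken as it appears in request.META


def diagnose_csrf(method, cookies, meta, post):
    """Classify what the browser sent; token values are never returned."""
    if method != "POST":
        return "n/a"
    cookie = cookies.get(CSRF_COOKIE)
    token = post.get("csrfmiddlewaretoken") or meta.get(CSRF_HEADER)
    if not cookie:
        return "cookie-missing"   # browser refused or never got the cookie
    if not token:
        return "token-missing"    # the JS snippet did not add the header
    if token != cookie:
        return "token-mismatch"
    return "ok"


class CsrfDebugMiddleware(object):
    """Old-style middleware: only the process_request hook, never blocks."""

    def process_request(self, request):
        verdict = diagnose_csrf(request.method, request.COOKIES,
                                request.META, request.POST)
        if verdict != "n/a":
            log.warning("%s %s host=%s csrf=%s", request.method,
                        request.path, request.META.get("HTTP_HOST"), verdict)
        request.csrf_debug = verdict
        return None


class FakeRequest(object):
    """Constructed stand-in for a request, used only by demo()."""

    def __init__(self, cookies, meta):
        self.method, self.path = "POST", "/stores/sendmail/"
        self.COOKIES, self.META, self.POST = cookies, meta, {}


def demo():
    """Constructed inputs: one browser kept the cookie, one did not."""
    kept = FakeRequest({"csrftoken": "t0k"}, {"HTTP_X_CSRFTOKEN": "t0k",
                                              "HTTP_HOST": "localhost:8000"})
    dropped = FakeRequest({}, {"HTTP_HOST": "127.0.0.1:8000"})
    mw = CsrfDebugMiddleware()
    mw.process_request(kept)
    mw.process_request(dropped)
    return kept.csrf_debug, dropped.csrf_debug
```

Listed first in MIDDLEWARE_CLASSES, a `cookie-missing` line for one browser beside an `ok` line for another places the problem in that browser's cookie handling, and the logged host shows whether the page was loaded as localhost or 127.0.0.1.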