Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I include Django 1.2's CSRF token in a Javascript-generated HTML form?

Tags:

javascript

django

csrf

django-csrf

extjs

I recently upgraded to Django 1.2.3 and my upload forms are now broken. Whenever I attempt to upload, I receive a "CSRF verification failed. Request aborted." error message.

After reading Django's documentation on this subject, it states that I need to add the {% csrf_token %} template tag within the HTML <form> in my template. Unfortunately, my <form> is generated via JavaScript (specifically, ExtJs's "html" property on a Panel).

Long story short, how do I add the required CSRF token tag to my <form> when my <form> is not included in a Django template?

like image 306
Huuuze Avatar asked Sep 21 '10 21:09

Huuuze

People also ask

Where do I put CSRF token in HTML?

Place the field containing the CSRF token as early as possible within the HTML file. Place the field that contains the token before any non-hidden fields and before any places where user-controllable data is embedded.

How do I add a CSRF token?

csrf token html form Add a viewport meta tag to the document head to set the width of the layout viewport equal to the width of the device and set the initial scale of the viewport to 1.0.

How does Django generate CSRF token?

The CSRF token is like an alphanumeric code or random secret value that's peculiar to that particular site. Hence, no other site has the same code. In Django, the token is set by CsrfViewMiddleware in the settings.py file. A hidden form field with a csrfmiddlewaretoken field is present in all outgoing requests.

1 Answers

Another option would be to adapt the cookie/header based solution shown in the Django docs with Ext - preferable if you have a lot of templates and don't want to change every single one.

Just drop the following snippet in your overrides.js (or wherever you put global modifications):

Ext.Ajax.on('beforerequest', function (conn, options) {
   if (!(/^http:.*/.test(options.url) || /^https:.*/.test(options.url))) {
     if (typeof(options.headers) == "undefined") {
       options.headers = {'X-CSRFToken': Ext.util.Cookies.get('csrftoken')};
     } else {
       options.headers.extend({'X-CSRFToken': Ext.util.Cookies.get('csrftoken')});
     }                        
   }
}, this);

(edit: Ext already has cookie reading function, no need to duplicate it)

like image 197
chrisv Avatar answered Sep 23 '22 03:09

chrisv
Sign in to Comment

Related questions

JavaScript - Sort depending on dependency tree
dynamic basename with BrowserRouter in react-router-dom
Would it be safe to enable nodeIntegration in Electron on a local page that is packaged with the app?
v-file-input .click() is not a function
How can a Discord bot create a hyperlink in a Discord message in an embed or in general? [closed]
alternative approaches to multiple if else conditions [closed]
(React Native): Execution failed for task ':app:generatePackageList'
How to provide namespaces in JavaScript with instanced objects
JavaScript switch statement
Adding javascript to the OnBlur property of an ASP.NET text box control
How to make a div with a blinking cursor and editable text without using <input>?
javascript changing the get parameter without redirecting [duplicate]
how to check special permissions in facebook
Stop IE from loading dynamically included script twice
Can the Google Maps API javascript be cached?
show/hide image on click
How to pass variable into jquery animate function properties?
getComputedStyle (or) $.css(map) <-- to get every style declaration
How to center align pop up div using Javascript
Default value for function parameter?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!