No csrf token for Django web page - python

I have a new Django app with REST endpoints and a static HTML page that triggers XMLHttpRequest REST queries. POSTs fail with "CSRF cookie not set.".
If I open a client debugger, document.cookie returns "". AFAIK, this should contain "csrftoken".
In settings.py, MIDDLEWARE_CLASSES contains 'django.middleware.csrf.CsrfViewMiddleware' by default. Any idea what might be wrong?

Add the ensure_csrf_cookie decorator to your view:
https://docs.djangoproject.com/en/1.9/ref/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
If that doesn't help, you might want to read these docs:
https://docs.djangoproject.com/en/1.9/ref/csrf/#ajax
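To make the failure mode concrete, here is an added, stand-alone Python model of the two steps involved; it is not code from the question, the answer, or Django itself. It re-creates what @ensure_csrf_cookie does for the page view (issue the csrftoken cookie on the GET) and the order in which CsrfViewMiddleware then checks an XMLHttpRequest POST: the cookie is required first, and only then is the X-CSRFToken header compared against it. The request/response dictionaries, the browser cookie jar and the function names are this example's own assumptions. It models the Django 1.9 behaviour the answer links to, where the header carries the cookie value as-is (later versions mask the token) and ignores the csrfmiddlewaretoken form-field path.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

CSRF_COOKIE_NAME = "csrftoken"
CSRF_HEADER_NAME = "X-CSRFToken"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
REASON_NO_COOKIE = "CSRF cookie not set."
REASON_BAD_TOKEN = "CSRF token missing or incorrect."


def parse_cookies(cookie_string):
    """Parse 'a=1; b=2' (a Cookie header, or document.cookie) into a dict."""
    jar = SimpleCookie()
    jar.load(cookie_string or "")
    return {name: morsel.value for name, morsel in jar.items()}


def ensure_csrf_cookie(request, response):
    """Emulates @ensure_csrf_cookie: the view's response always sets csrftoken,
    reusing the browser's existing token if it already has one."""
    existing = parse_cookies(request["headers"].get("Cookie")).get(CSRF_COOKIE_NAME)
    response["set_cookie"][CSRF_COOKIE_NAME] = existing or secrets.token_urlsafe(32)
    return response


def csrf_check(request):
    """Return (accepted, rejection_reason) in the order the middleware checks."""
    if request["method"] in SAFE_METHODS:
        return True, ""
    cookie_token = parse_cookies(request["headers"].get("Cookie")).get(CSRF_COOKIE_NAME)
    if not cookie_token:
        # The asker's failure: rejected here, before the header is even read,
        # so sending X-CSRFToken alone can never pass.
        return False, REASON_NO_COOKIE
    header_token = request["headers"].get(CSRF_HEADER_NAME, "")
    if not hmac.compare_digest(cookie_token, header_token):
        return False, REASON_BAD_TOKEN
    return True, ""


def run_scenario(page_view_sets_cookie):
    """GET the static page, then POST from script with whatever the browser got."""
    browser_jar = {}  # constructed stand-in for the browser's cookie store
    page_response = {"status": 200, "set_cookie": {}}
    if page_view_sets_cookie:
        ensure_csrf_cookie({"method": "GET", "headers": {}}, page_response)
    browser_jar.update(page_response["set_cookie"])

    # What the script sees in document.cookie, and the XHR it then sends.
    document_cookie = "; ".join(f"{k}={v}" for k, v in browser_jar.items())
    headers = {"Cookie": document_cookie} if document_cookie else {}
    token = parse_cookies(document_cookie).get(CSRF_COOKIE_NAME)
    if token:
        headers[CSRF_HEADER_NAME] = token
    return csrf_check({"method": "POST", "headers": headers})


if __name__ == "__main__":
    print("without ensure_csrf_cookie:", run_scenario(False))
    print("with ensure_csrf_cookie:   ", run_scenario(True))
```

Running it shows the asker's situation exactly: when the page view never sets the cookie, document.cookie is empty, the script cannot populate X-CSRFToken, and the POST is rejected with "CSRF cookie not set." before the header is ever examined; once the page view sets the cookie, the same script passes.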

Related

Django CSRF exception after removing clickjacking middleware

I need to fully load my website inside an iframe, so I deleted the clickjacking middleware, but after that I got a 403 status code and a CSRF exception. How can I fix this to allow loading my website inside an iframe?
You don't need to fully disable the middleware; you can disable it for a specific view using @xframe_options_exempt.
See: https://docs.djangoproject.com/en/3.2/ref/clickjacking/

Iframe is not working then pointing Heroku URL

I have a Python Django app running on https://dj-node-project.herokuapp.com/catalog/. When I put this into an iframe, I see a blank page. Do I need to enable "iframe" settings on Heroku?
<iframe src="https://dj-node-project.herokuapp.com/catalog/">
<p>Your browser does not support iframes.</p>
</iframe>
You can remove the middleware as mentioned below, and you can also use the decorator:
from django.http import HttpResponse
from django.views.decorators.clickjacking import xframe_options_exempt

@xframe_options_exempt
def ok_to_load_in_a_frame(request):
    # The decorator marks the response so XFrameOptionsMiddleware skips it.
    return HttpResponse("This page is safe to load in a frame on any site.")
Django does not allow a Django website to be used inside an iframe tag, because Django has the middleware
'django.middleware.clickjacking.XFrameOptionsMiddleware',
which does not allow a Django site to be loaded into another website using an iframe tag; it checks SAMEORIGIN when the page is loaded.
You can read the full documentation on this topic at https://docs.djangoproject.com/en/1.11/ref/clickjacking/

Redirect example.com users to example.com/#/login

I am working on a project that uses Django and Angular. I do not have a background as a web developer so please try to explain your answer so that a novice person can understand it.
Basically I want to make it so that the login page is the default page instead of the index page.
I currently have the following url handler in my main Django project urls.py:
url(r'^$', 'core.views.generic.index')
I also have another urls.py in an app called core that sends visitors to the login page:
url(r'^/login$', private.MeLogin.as_view())
Now I want the login page to become the default page instead of the index page. How can I do that?
I have tried adding the following to the views file in the core app:
@login_required(redirect_field_name='', login_url='#/login')
def index(request):
    return render_to_response('html/index.html', locals(), context_instance=RequestContext(request))
Unfortunately I get the message
This webpage has a redirect loop
I do not know how to solve this problem. Basically I want users to be redirected to the login page if they enter any URL that is not handled by other URL handlers. When they successfully log in they are redirected to a dashboard page automatically.
EDIT:
The login page URL is handled in the core urls.py file and points to a different view than index.
url(r'^/login$', private.MeLogin.as_view())
Web servers, in this case Django, do not see the fragment after the #. You are redirecting from / to /, creating a redirect loop.
If you want to redirect to the Django login url, you need login_url='/login'.
As an aside, you should remove the leading slash from your regex r'^/login$'.
In @login_required(redirect_field_name='', login_url='#/login')
remove redirect_field_name='', it really is not necessary, and make sure that #/login in login_url='#/login' is the same as in your url.py file:
like
views.py
@login_required(redirect_field_name='', login_url='accounts/login/')
as
url.py
url(r'^accounts/login/', auth_views.login),
I assume your Angular & Django apps are running on two separate ports, like:
Django on port 8000
Angular on port 1000
So if you give /#/login it will redirect to the same path on the Django port (8000/#/login).
So why don't you give the full URL www.example.com/#/login?

Facebook authentication error in Heroku based django website

I have fully created a Django website with python-social-auth for Facebook authentication and have hosted it on Heroku (free version). The problem, however, is that my Facebook authentication, which was working perfectly locally, is not working and throws an error as follows:
Given URL is not allowed by the Application configuration: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.
I have configured my Facebook settings, wherein the site URL is the one hosted on Heroku (https://quiet-hamlet-3248.herokuapp.com/). Also, I haven't changed my API keys/secret.
Any help would be appreciated.
So I just figured it out.
As mentioned here, one needs to update the settings file to include the line SOCIAL_AUTH_REDIRECT_IS_HTTPS = True.
This is because Heroku fails to pass the headers required to identify the app.

Add Custom url tracking code before routing using urls.py in django

I want to build a server-side base for analytics using Python/Django. The script should catch requested URLs and update the database before routing the requested URL using urls.py. How can this be done?
To do such things you should use middleware. Copying from the documentation:
Middleware is a framework of hooks into Django’s request/response processing. It’s a light, low-level “plugin” system for globally altering Django’s input or output.
A middleware is a simple class that can define a number of methods. You'd need to define the process_request or process_view method and do your database updates etc. there.
Try using a middleware:
class MyTrackingMiddleware(object):
    def process_request(self, request):
        # Save request.path (and anything else you need) to the database here.
        # process_request runs before URL resolution, so this happens before routing.
        # Returning None lets Django continue with routing and the view.
        return None
And add it to MIDDLEWARE_CLASSES in settings.py.
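The following added example is not code from any of the questions or answers above, nor from Django; it is a stand-alone Python model of the old-style MIDDLEWARE_CLASSES hook chain that serves two of the threads on this page: the tracking middleware just described (process_request writes the requested path to a database before any URL routing happens) and the clickjacking threads above (a middleware that behaves like XFrameOptionsMiddleware, including the way @xframe_options_exempt marks a response so the header is skipped for that one view). The Request and Response classes, URLPATTERNS, handle() and demo() are this example's own stand-ins for Django internals, and the sqlite in-memory table is constructed for the demo.

```python
import sqlite3


class Request:
    """Constructed stand-in for django.http.HttpRequest (only what the hooks need)."""

    def __init__(self, method, path):
        self.method = method
        self.path = path


class Response:
    """Constructed stand-in for django.http.HttpResponse."""

    def __init__(self, body, status=200):
        self.body = body
        self.status = status
        self.headers = {}


def xframe_options_exempt(view):
    """Like Django's decorator: it marks the response as exempt, and the
    X-Frame-Options middleware honours that mark instead of setting the header."""
    def wrapped(request):
        response = view(request)
        response.xframe_options_exempt = True
        return response
    return wrapped


class MyTrackingMiddleware:
    """process_request runs before URL resolution, so every hit (including
    ones that will end in a 404) is stored before routing."""

    def __init__(self, db):
        self.db = db
        db.execute("CREATE TABLE IF NOT EXISTS hits (method TEXT, path TEXT)")

    def process_request(self, request):
        self.db.execute("INSERT INTO hits VALUES (?, ?)", (request.method, request.path))
        return None  # None means: carry on with routing and the view


class XFrameOptionsMiddleware:
    """Adds X-Frame-Options: SAMEORIGIN unless the response was marked exempt."""

    def process_response(self, request, response):
        if getattr(response, "xframe_options_exempt", False):
            return response
        response.headers.setdefault("X-Frame-Options", "SAMEORIGIN")
        return response


def catalog(request):
    return Response("catalog page")


@xframe_options_exempt
def ok_to_load_in_a_frame(request):
    return Response("embeddable page")


URLPATTERNS = {"/catalog/": catalog, "/embed/": ok_to_load_in_a_frame}


def handle(request, middleware):
    """process_request top-down, then routing, then process_response bottom-up,
    which is the order MIDDLEWARE_CLASSES implies."""
    for mw in middleware:
        hook = getattr(mw, "process_request", None)
        if hook is not None:
            early = hook(request)
            if early is not None:
                return early  # a middleware may short-circuit with its own response
    view = URLPATTERNS.get(request.path)
    response = view(request) if view else Response("not found", status=404)
    for mw in reversed(middleware):
        hook = getattr(mw, "process_response", None)
        if hook is not None:
            response = hook(request, response)
    return response


def demo():
    """Send three requests through the chain and report what each middleware did."""
    db = sqlite3.connect(":memory:")
    middleware = [XFrameOptionsMiddleware(), MyTrackingMiddleware(db)]
    catalog_resp = handle(Request("GET", "/catalog/"), middleware)
    embed_resp = handle(Request("GET", "/embed/"), middleware)
    missing_resp = handle(Request("GET", "/missing/"), middleware)
    hits = [row[0] for row in db.execute("SELECT path FROM hits ORDER BY rowid")]
    return {
        "hits": hits,
        "catalog_headers": catalog_resp.headers,
        "embed_headers": embed_resp.headers,
        "missing_status": missing_resp.status,
    }


if __name__ == "__main__":
    print(demo())
```

Two points the page's answers make are visible in the output: the tracking row for /missing/ exists even though routing found no view, because process_request ran first; and only the exempt view's response lacks X-Frame-Options, so the rest of the site keeps its SAMEORIGIN protection instead of losing it by removing the middleware globally.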
