Django Not Permitting POSTs From Google Web Toolkit - django

I'm trying to get Google Web Toolkit to work with Django through GETs and POSTs, following the examples here. When GWT sends a POST, however, Django sends back an HTTP 403.
My question is then, is Django set up to not receive POSTs? Is there some setting I need to change? Or is there something wrong with the way GWT is sending the POST?
The GET is working either, if anyone also knows something about that.

From Django 1.2, views are CSRF protected.
If you want to exempt any view from CSRF protection, use the csrf_exempt decorator.
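The alternative to exempting the view is to have the client send the CSRF token with each POST. The helper below is an added example, not code from the original question or answer; it assumes Django's default cookie name `csrftoken` and header name `X-CSRFToken`, and that the page was served by Django so the cookie is already set. The function names and sample values are hypothetical.

```javascript
// Added example: attach Django's CSRF token to same-origin, state-changing
// AJAX requests instead of disabling the check with csrf_exempt.
// Methods Django's CSRF middleware does not check.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf('=');
    if (eq === -1) continue;
    if (trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// True when targetUrl resolves to the same scheme, host and port as the page.
function isSameOrigin(targetUrl, pageUrl) {
  return new URL(targetUrl, pageUrl).origin === new URL(pageUrl).origin;
}

// Headers to add to a request so the CSRF check passes.
// The token is never attached to cross-origin requests, so it cannot leak
// to another site.
function csrfHeaders(method, targetUrl, pageUrl, cookieString) {
  if (SAFE_METHODS.has(method.toUpperCase())) return {};
  if (!isSameOrigin(targetUrl, pageUrl)) return {};
  const token = getCookie(cookieString, 'csrftoken');
  if (token === null) {
    throw new Error('csrftoken cookie missing: load a Django page that sets it first');
  }
  return { 'X-CSRFToken': token };
}

// Constructed sample values (in a browser: location.href and document.cookie).
const SAMPLE_PAGE = 'http://127.0.0.1:8000/app/';
const SAMPLE_COOKIES = 'sessionid=abc123; csrftoken=Tok123';
console.log(csrfHeaders('POST', '/api/save/', SAMPLE_PAGE, SAMPLE_COOKIES));
```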

Related

Django using AJAX or Angular

I am building a blog where users can post and comment using Django. Now there is a scenario where I have posts being displayed on my user page. Using Django for adding a comment, it will redirect the user to another page. How can I write this using AJAX or AngularJs? I am new to Angular and Ajax and I only need this function specifically.
I appreciate all your help in advance!
I'll give you a link to follow. If you get an error, put it on the same question and let me know. Link: ajax request
I am new to Django too, but Django uses MVT, which means you can use anything in your template and there are no limits, even React or VueJs.
So you can use both.

Django rest framework Reactjs sessions not working

So I have set up Django rest framework as a backend API for an e-commerce website. The website is displayed through a React frontend, which is not served by the django backend.
I am currently running both the Django backend and the React frontend from their local development servers (http://127.0.0.1:8000 and http://127.0.0.1:3000 respectively). In the future they will be on separate domains, probably.
When I set a session in a view, and read the content in another, this works if I just type in the urls for creating and reading directly into my browser (just for testing purposes). But when I access the backend through my frontend, sessions can not be accessed anymore, or don't seem stored. What will happen is that I get a KeyError when trying to access the data that I set in a previous view.
I guess this has to do with something I have read about some time ago, but I find it hard to find the correct information on how to work with this. Does this have to do with the cookie with the session id not being available to the frontend, but only to the backend itself?
Main question:
I would like to know how I can work with sessions, using the above setup, for keeping a shopping cart.
My backend code, just in case someone wonders:
from django.http import HttpResponse

def cart_add(request, product_id, update, quantity):
    request.session['one'] = 'created through "cart_add" view'
    return HttpResponse("Created a session - cart_add")

def create(request):
    request.session['one'] = 'created through "read" view'
    return HttpResponse("Created a session - create")

def read(request):
    # Raises KeyError if 'one' was never set in this session.
    print(request.session['one'])
    return HttpResponse(request.session['one'])
I have removed some unnecessary code.
The cart_add view is called from the React frontend, using an ajax call (axios).
The create and the read view I called by typing their urls directly into the browser.
(This is all done for testing purposes, just making sure sessions are working before I start to write the real code.)
I've found a solution in another Stack Overflow question. This is the link to it.
By adding the following to my axios request, the code works successfully:
axios.get('some api url', {withCredentials: true});
So it seems my assumption about the cookie with the session id not being available to the frontend is incorrect.
I also found out that I could see the cookie by opening the web page in Chrome, then opening the developer tools > going to 'application' tab > click on cookies.
Here all the available cookies are listed, and also a sessionid cookie is shown.
I had the same issue; adding withCredentials in the axios call didn't solve my problem in Django 2.2.3 and axios 0.19.0.
If the answer here doesn't work for you, then look into the below answer :)
React Django REST framework session is not persisting/working
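With `withCredentials: true` the browser sends and stores cookies on cross-origin requests, but it only exposes the response to the page if the server opts in through its CORS headers. The check below is an added example, not code from any of the posts above; the function name and the sample header sets are constructed, using the frontend origin from the question.

```javascript
// Added example. Returns the reasons why a browser would refuse to expose a
// cross-origin response to a request sent with withCredentials: true.
// An empty list means the CORS headers are acceptable.
function credentialedCorsProblems(pageOrigin, responseHeaders) {
  // Header names are case-insensitive; normalise them before lookup.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const problems = [];
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('Access-Control-Allow-Origin is missing');
  } else if (allowOrigin === '*') {
    problems.push('Access-Control-Allow-Origin: * is rejected for credentialed requests');
  } else if (allowOrigin !== pageOrigin) {
    problems.push(`Access-Control-Allow-Origin is ${allowOrigin}, page origin is ${pageOrigin}`);
  }
  // The value must be the exact lowercase string "true".
  if (headers['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials: true is missing');
  }
  return problems;
}

// Constructed sample responses for the React dev server origin.
const FRONTEND_ORIGIN = 'http://127.0.0.1:3000';
const GOOD_RESPONSE = {
  'Access-Control-Allow-Origin': 'http://127.0.0.1:3000',
  'Access-Control-Allow-Credentials': 'true',
};
const WILDCARD_RESPONSE = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Credentials': 'true',
};
const NO_CREDENTIALS_RESPONSE = {
  'access-control-allow-origin': 'http://127.0.0.1:3000',
};

console.log(credentialedCorsProblems(FRONTEND_ORIGIN, GOOD_RESPONSE));
console.log(credentialedCorsProblems(FRONTEND_ORIGIN, WILDCARD_RESPONSE));
console.log(credentialedCorsProblems(FRONTEND_ORIGIN, NO_CREDENTIALS_RESPONSE));
```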

Implementing Ajax requests / response with django-allauth

I am using django-allauth for one of my projects. I would like to implement login/signup process via ajax. I would like to have customized signup form. I was going through their signupmixin and signup form. Sounds like I can write custom views for each action and map it to the url config. I am not sure what is the best way to do this.
Thank you so much for any help or advice on this.
It depends a bit on what you mean by ajax. If you just want to have a popup-style login/signup box on every page, then you can simply add the form to your base template and show it dynamically using Javascript in a popup box or so. If you keep the form action url to the original allauth urls then this will already give the feel of an ajax signin. You could also tweak things by using $.ajax or $.post to post to the original allauth views.
Something like the above is done on http://officecheese.com/ -- this is an allauth based site, though I am not affiliated with it.
If by ajax you mean that all authentication related views should be displayed via ajax, without causing a new document reload, then I am afraid you are a little bit out of luck. This simply is problematic for scenarios where e-mail verification or OAuth handshakes are involved, as here you are typically navigating to a new URL from your mailbox, or redirecting to Twitter and so on.

Django: Login from page outside django

Maybe it's a stupid question, but I'm trying to login to my django app using a form that is outside django. My guess is that I could send a POST request to /login, but that would fail because of the csrf token.
Maybe I'm missing some kind of theoretical background, but I would like to know what's the correct way to achieve this.
Background info:
The django authentication is working fine IF you use the django login forms. What I'd like to do is to use an external static html form (on an apache outside django), to post to django directly so when I redirect to my django server, I don't have to login.
CSRF exists to prevent exactly this. Although you no doubt have good intentions, there's no technical difference between this and a hacker trying to steal access to your site via a real CSRF attack.
Sounds like you need a single-signon service like CAS: http://code.google.com/p/django-cas/
(but it's possibly overkill)

Is there a way to create an exception in django 1.0 csrf protection?

I know there is in the development version of Django, but I don't see this in Django 1.0. I took a look at the code and such an exception is definitely not built in. I need to have this ability as I can't add the csrf middleware token to a third party flash app I am using which needs to make a POST request back to django. :(
Anyone have any ideas?
The answer to this problem is simply to recreate the token using the middleware, add it into the view, and then make it accessible in the template for JavaScript/Flash.