Django Ajax 403 only when Posting from custom localhost url - ajax

I followed all the instructions to get Ajax working properly with Django (ajaxSetup to add the X-CSRFToken header on every request, etc.) and that part now works fine.
I'm using django-rest-framework, django-allauth and rest-auth.
I'm now trying to test Facebook login with DRF. Since Facebook doesn't allow localhost to be a registered app, I edited ~/etc/host and added local.test.com as an alias for 127.0.0.1. Now whenever I try to post to Django I get 403 Forbidden again. I think it may have something to do with the Request URL and the Remote Address being different, but I don't really know what to do with it.
Since I'm not sure where the problem is, I think it makes more sense to just share the link to the project on GitHub: https://github.com/Sebastiansc/Sauti
What can I do to allow POST Ajax requests coming from local.test.com to work?

Try with @csrf_exempt:
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt  # disables CSRF verification for this view only
def your_view(request):
    print("fff")
    print("do your things...")
    return HttpResponse("ok")  # a Django view must return an HttpResponse

Related

AWS API gateway really works well but I can't run this on javascript AJAX

I made a Python function using AWS Lambda and connected the Lambda with API Gateway.
After that, I tested the API. It worked well.
Testing in API Gateway was successful.
Now I tried using this API with AJAX.
The JavaScript AJAX code was like this:
However, the result was:
"jquery-3.4.1.js:9837 GET https://9i1jhuewmj.execute-api.ap-northeast-2.amazonaws.com/test/transaction?jpgname=image.jpg net::ERR_FAILED"
How can I solve this problem?
Hope for your wisdom!
Thank you
I think there are a few things. The content-type header being returned is application/json but the response is not JSON.
But I think the main problem is that the HTTP status being returned is 301. This tells the browser that this resource has been moved and the browser typically expects the response to contain information on where things are moved to so it can redirect.
I suspect if you change your configuration so that a more normal response code (i.e. 200) is returned, this will work better.
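The answer above says the response should carry a normal status (200) and a Content-Type that matches the body. As an added example (not the asker's Lambda or anything from the page), here is a handler in the Lambda proxy-integration response shape that keeps those three things consistent, answers bad input with a JSON 400 instead of a redirect, and, because the caller is a browser page on another origin, names that origin in Access-Control-Allow-Origin. ALLOWED_ORIGIN, the file-name rule and the body of the 200 reply are assumptions for the example.

```python
import json
import re

# Assumption for the example: the page that issues the AJAX call is served from here.
ALLOWED_ORIGIN = "https://app.example.com"
# Example policy: a bare .jpg/.jpeg file name, no path separators or other characters.
NAME_PATTERN = re.compile(r"[A-Za-z0-9_-]+\.jpe?g")


def respond(status: int, payload: dict) -> dict:
    """Build a Lambda proxy-integration response whose statusCode,
    Content-Type and body agree with each other."""
    return {
        "statusCode": status,
        "headers": {
            "Content-Type": "application/json",
            # Only the page's own origin may read this response; never "*" for
            # an endpoint that will later carry credentials.
            "Access-Control-Allow-Origin": ALLOWED_ORIGIN,
            "Vary": "Origin",
        },
        "body": json.dumps(payload),
    }


def lambda_handler(event: dict, context=None) -> dict:
    """Entry point: validate the jpgname query parameter and answer with JSON
    on every path, including errors (a 301 or HTML error page here is what
    the browser reports as ERR_FAILED on an AJAX call)."""
    params = event.get("queryStringParameters") or {}
    name = params.get("jpgname", "")
    if not name:
        return respond(400, {"error": "jpgname is required"})
    if not NAME_PATTERN.fullmatch(name):
        return respond(400, {"error": "jpgname must be a bare .jpg file name"})
    # Constructed result; the real transaction lookup would go here.
    return respond(200, {"jpgname": name, "status": "ok"})


if __name__ == "__main__":
    # Constructed event in the shape API Gateway passes to a proxy integration.
    event = {"queryStringParameters": {"jpgname": "image.jpg"}}
    print(lambda_handler(event))
    print(lambda_handler({"queryStringParameters": {"jpgname": "../etc/passwd"}}))
```

The response shape above is the one API Gateway expects from a Lambda proxy integration; with a non-proxy integration the same fields are set through the integration response mapping instead.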

django-rest-framework: how to allow http PUT to succeed

I have a startup django-rest-framework app, which I'm using to serve data to another Django app.
I have no issues with GET, POST, and DELETE, but when I issue a PUT I get a 405.
What can I do to fix that?
If I'm remembering well, I had the same issue. Following the django-rest-framework tutorial, I noticed that when pressing the PUT button and monitoring the network tab of Chrome developer tools, it did a POST request instead of a PUT request.
Maybe the '405 METHOD NOT ALLOWED' error message is caused by a request without '/' at the end of the URL.
Not working: 127.0.0.1:8000/article/9
Working: 127.0.0.1:8000/article/9/
If not, check how you request it. It's similar to requesting the DELETE method.
This is an example I've just tested using the PAW HTTP client application:
PUT Method request screenshot
PUT Method request result screenshot

what is the facebook ajax request which get the posts?

I am trying to use Facebook from Scrapy.
I can log in successfully. However, I can't get the posts on Facebook because the posts come from AJAX calls.
I tried using Firebug and checked the XHR. I got this:
I tried to check the response of all those requests, but none of them contains the actual data of the posts.
What is the AJAX request that gets the posts on Facebook?
Thanks in advance
Don't use the AJAX calls from your browser. Those are encrypted since Facebook uses HTTPS connections. Focus on using their API to make the calls you need to get the data you want. That's the entire purpose of their Graph API.

URL not allowed by Access-Control-Allow-Origin

I am trying to implement OAuth for accessing the Flickr APIs. My AJAX call to flickr.com keeps failing.
Sample error message:
XMLHttpRequest cannot load http://www.flickr.com/services/oauth/request_token?oauth_callback=oob&oauth…signature_method=HMAC-SHA1&oauth_timestamp=1368375405647&oauth_version=1.0. Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
Initially I used Chrome and read the HTML file as file://path. I used to get the error 'null not allowed by access-control-allow-origin'. I solved this problem by copying the HTML file to a 'local IIS server', a 'local Python web server' and then a 'remote web server'. I created the Python web server using python -m http.server 8080.
I realize my cross-browser call to flickr.com using XMLHttpRequest is failing. I tried the various solutions suggested in this forum:
Using newer Chrome 26.0.1410.64 m, which I guess supports CORS
I launched chrome with --disable-web-security
I created a web server using python -m http.server 8080 on local machine and then on a remote machine and copied the html file to the site
I copied file to a local MSFT IIS server
I defined URL in etc/hosts file to avoid numeric IP
I still get the same error (with relevant URL in the error message)
code clipping:
// consumerKey, nonce, esignature, macAlgorithm and timeStamp are computed earlier (not shown).
// Each value is percent-encoded: a base64 signature contains '+', '/' and '=',
// which would otherwise be misread as part of the query string.
var urlString = "http://www.flickr.com/services/oauth/request_token?" +
    "oauth_callback=oob" + "&" +
    "oauth_consumer_key=" + encodeURIComponent(consumerKey) + "&" +
    "oauth_nonce=" + encodeURIComponent(nonce) + "&" +
    "oauth_signature=" + encodeURIComponent(esignature) + "&" +
    "oauth_signature_method=" + encodeURIComponent(macAlgorithm) + "&" +
    "oauth_timestamp=" + encodeURIComponent(timeStamp) + "&" +
    "oauth_version=1.0";
$.ajax({
    url: urlString,
    success: function (data) {
        alert(data);
    },
    error: function (xhr, status, err) {
        // A CORS rejection never reaches success; it surfaces here with status 0.
        console.error(status, err);
    }
});
In order for CORS to work, both ends must enable it.
The first end is the browser, and, as you are using Chrome 26.*, yours is OK.
The second end is the server:
Before making a GET request to a domain different from the one the page is on, the browser sends an OPTIONS request to that domain. In response to this request, the server should include some headers that tell whether a cross-domain request (GET, POST or other) is allowed.
One of those headers is Access-Control-Allow-Origin.
So when you run your page from your file system (the file:// "protocol"), the OPTIONS means something like "Flickr, can I make a cross-domain call to you? I'm calling from null". Flickr does not recognize that domain as allowed and returns the error you are getting.
In the same way, when you run your page from your local server, the OPTIONS says "(...) I'm calling from localhost:8080". Flickr does not recognize that domain as allowed either.
The solution:
I don't know the Flickr OAuth service, but I know that, as with any other service, to make a CORS call to it the page must be on a domain allowed by it. From your tests, I'm guessing Flickr doesn't allow many other domains.
But... an alternative to CORS is JSONP. I did a little research; Flickr OAuth seems to support it.
Check this page for details: http://www.flickr.com/services/api/explore/flickr.auth.oauth.getAccessToken
There's another question talking about that specific subject:
Is JSONP supported in the new Flickr OAuth API?
About JSONP, this can get you started: How to make a JSONP request from Javascript without JQuery?
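To make the server side of the exchange described in the answer above concrete, here is an added example of the decision a CORS-enabled server makes per request. It is not Flickr's code; the allowlist, the permitted methods and headers are constructed, and localhost:8080 is deliberately placed on the allowlist so the contrast with the question's error is visible. The browser attaches an Origin header to cross-origin requests (the literal string "null" for a file:// page) and, before requests that use a method or header outside the simple set, first sends an OPTIONS preflight carrying Access-Control-Request-Method. The page is only allowed to read the reply when Access-Control-Allow-Origin matches its origin; the two failing cases in the question correspond to the branches here that return no such header.

```python
from __future__ import annotations

# Constructed policy for the example.
ALLOWED_ORIGINS = {"https://app.example.com", "http://localhost:8080"}
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_HEADERS = {"content-type", "x-csrftoken"}


def cors_response(method: str, req_headers: dict) -> tuple[int, dict]:
    """Return (status, response_headers) for one request.

    A preflight is an OPTIONS request that carries Access-Control-Request-Method.
    Refusals are silent: the reply simply omits the Access-Control-* headers,
    which the browser reports as "Origin ... is not allowed by
    Access-Control-Allow-Origin".
    """
    hdrs = {k.lower(): v for k, v in req_headers.items()}
    origin = hdrs.get("origin")
    # Any cache must key on Origin once the reply depends on it.
    resp = {"Vary": "Origin"}
    preflight = method.upper() == "OPTIONS" and "access-control-request-method" in hdrs
    status = 204 if preflight else 200

    # No Origin: same-origin page or a non-browser client; nothing to grant.
    # "null" is what file:// pages send; it is not a real origin and any
    # sandboxed document can produce it, so it is never allowlisted.
    if origin is None or origin == "null" or origin not in ALLOWED_ORIGINS:
        return status, resp

    if preflight:
        wanted_method = hdrs["access-control-request-method"].upper()
        wanted_headers = {
            h.strip().lower()
            for h in hdrs.get("access-control-request-headers", "").split(",")
            if h.strip()
        }
        if wanted_method not in ALLOWED_METHODS or not wanted_headers <= ALLOWED_HEADERS:
            return status, resp  # browser fails the preflight, actual request never sent
        resp["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
        resp["Access-Control-Allow-Headers"] = ", ".join(sorted(ALLOWED_HEADERS))
        resp["Access-Control-Max-Age"] = "600"

    # Echo the one verified origin. Reflecting whatever Origin arrives, or
    # answering "*" together with credentials, would let any site read
    # authenticated responses.
    resp["Access-Control-Allow-Origin"] = origin
    resp["Access-Control-Allow-Credentials"] = "true"
    return status, resp


if __name__ == "__main__":
    # Constructed requests: the two cases from the question, then an allowed preflight.
    cases = [
        ("GET", {"Origin": "null"}),                   # page opened via file://
        ("GET", {"Origin": "http://localhost:8080"}),  # python -m http.server 8080
        ("OPTIONS", {"Origin": "http://localhost:8080",
                     "Access-Control-Request-Method": "POST",
                     "Access-Control-Request-Headers": "Content-Type, X-CSRFToken"}),
        ("OPTIONS", {"Origin": "http://localhost:8080",
                     "Access-Control-Request-Method": "DELETE"}),
    ]
    for m, h in cases:
        print(m, h.get("Origin"), "->", cors_response(m, h))
```

The browser, not the server, enforces the outcome: the request reaches the server either way, so a missing Access-Control-Allow-Origin protects the page's ability to read the response, not the server from being called.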
It is not possible to implement OAuth 1.0 through just JavaScript without any server-side script, since Flickr's new authentication process is based on OAuth 1.0a. You have to use a server-side script.
I tried to send the token request using JSONP in Firefox with CORS on (using a third-party add-on) and it worked fine. But without using any add-ons it's not possible, as the response from Flickr is in text format (not in JSON format) and the request fails.
You can either use server-side code for the token request, or use the deprecated Flickr API for authentication.

Error sending Ajax Request to Django site from non-Django site

I am currently using Django 1.2. I am trying to send an AJAX request to my Django site from our newly established Drupal installation. I am able to send the request no problem from one view to another on my Django site, but I am unable to send a request from my local machine. I continue to get an error; I assume there is a CSRF verification issue. Does anyone know how I may resolve this issue?
-Greg
Not so recommended, but quickest:
You can easily disable CSRF protection for certain Django views using the csrf_exempt decorator. You can find more info in the Django docs.
This might also be more justified if you run your app in a 'trusted environment'.
Please mind that this causes some security problems. If you decide to use csrf_exempt, you can think of some additional verifications (e.g. you can allow requests on some view only for a limited set of IPs, or something else).
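Both csrf_exempt answers on this page (the one for the local.test.com question near the top and the one just above) turn off a check without showing what it does. As an added example, not code from Django or from either answer, here is a pure-Python model of that check and of the compensating IP allowlist the answer above suggests. The cookie/header comparison is a simplification of what CsrfViewMiddleware does (real Django tokens are masked before comparison), the request dicts stand in for Django's request object, and TRUSTED_NETS is a constructed allowlist.

```python
from __future__ import annotations

import hmac
import ipaddress

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
# Constructed allowlist for the 'trusted environment' case; adjust to your network.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.0.0.0/8")]


def csrf_check(method: str, cookies: dict, headers: dict) -> tuple[bool, str]:
    """Double-submit check in the spirit of CsrfViewMiddleware: on every
    unsafe request the csrftoken cookie must exist and equal the X-CSRFToken
    header. A cross-site attacker cannot read the cookie, so it cannot
    produce the header. Returns (accepted, reason)."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    cookie = cookies.get("csrftoken")
    header = headers.get("X-CSRFToken")
    if not cookie:
        return False, "403: CSRF cookie not set"
    if not header:
        return False, "403: CSRF token missing"
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return False, "403: CSRF token incorrect"
    return True, "ok"


def remote_addr_trusted(remote_addr: str) -> bool:
    """IP allowlist. Use the socket peer address (REMOTE_ADDR), not
    X-Forwarded-For, unless a proxy you control sets that header."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)


def dispatch(request: dict, csrf_exempt: bool = False) -> tuple[int, str]:
    """Decide one request. With csrf_exempt=True the CSRF check is skipped
    and only the allowlist stands between the view and the caller."""
    if csrf_exempt:
        if not remote_addr_trusted(request["REMOTE_ADDR"]):
            return 403, "remote address not in allowlist"
        return 200, "handled (no CSRF check)"
    ok, reason = csrf_check(request["METHOD"], request["COOKIES"], request["HEADERS"])
    return (200, "handled") if ok else (403, reason)


if __name__ == "__main__":
    TOKEN = "a" * 32  # constructed token value
    # Cookie and header agree: the normal Ajax case.
    good = {"METHOD": "POST", "REMOTE_ADDR": "127.0.0.1",
            "COOKIES": {"csrftoken": TOKEN}, "HEADERS": {"X-CSRFToken": TOKEN}}
    # Header absent: rejected even though the cookie is there.
    no_header = dict(good, HEADERS={})
    # Cross-site POST: the attacker cannot read the cookie, so the header is wrong.
    wrong = dict(good, HEADERS={"X-CSRFToken": "b" * 32})
    for name, req in [("good", good), ("no_header", no_header), ("wrong", wrong)]:
        print(name, dispatch(req), "| exempt:", dispatch(req, csrf_exempt=True))
    # The exempt view still refuses a caller outside the trusted networks.
    print("exempt, 203.0.113.9:", dispatch(dict(wrong, REMOTE_ADDR="203.0.113.9"), csrf_exempt=True))
```

The output makes the trade-off visible: with csrf_exempt every request from an allowlisted address is handled whether or not a token is present, so the allowlist is the whole defence and must be built on an address the caller cannot forge.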
