Can't post data #131

Closed
qbasicer opened this Issue Oct 10, 2012 · 5 comments

@qbasicer

Maybe I'm missing something, but every time I go to add data (using my own scripts or the examples provided), I get:

CSRF verification failed. Request aborted.

No CSRF or session cookie.

In general, this can occur when there is a genuine Cross Site Request Forgery

How to correct my scripts and avoid this error?

@alkino


alkino Oct 11, 2012

Contributor

In fact, in settings there is

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)

Comment out the line concerning CSRF and it will be OK. I think it's only a workaround, but it works.


@qbasicer


qbasicer Oct 11, 2012

Is this the official way to post data? Or is there another method (not by
hand)
On Oct 11, 2012 3:43 AM, "Nicolas Cornu" notifications@github.com wrote:

In fact, in settings there is

MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',)

Comment the line concerning csrf and it will be ok. I think it's only a
work around but it works.



@tobami


tobami Oct 16, 2012

Owner

What exactly do you mean by "post data"? How exactly are you doing it?


@mattrichards


mattrichards Oct 26, 2012

I'm seeing this issue when POSTing using the urllib2.urlopen() approach in the sample code (tools/save_single_result.py).

If I remove the CsrfViewMiddleware class or add an @csrf_exempt decorator to the add_result() function in view.py it goes away.

I am using Django 1.3-2ubuntu1.1 on Ubuntu 12.04.1.


@tobami


tobami Oct 28, 2012

Owner

OK, the problem is clear: Some helper functions are using ContextRequest, which is automatically protected by CSRFViewMiddleware. I am going to add the exempt decorator, because that API not having auth at all makes such protection totally pointless.

Also, please note that the new, better way to save data will be the RESTful API, which is authenticated and for which the example script is tools/save_single_result_via_api.py.


@tobami tobami closed this in 26b37c5 Oct 28, 2012
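
A simplified model of the two checks discussed in this thread, added here as an example (it is not codespeed's or Django's code): a double-submit cookie check that rejects a cookieless script POST, next to a CSRF-exempt endpoint that authenticates each request instead. The `X-Signature` header, the HMAC scheme and the key are assumptions made for illustration; the thread does not say how the RESTful API authenticates.

```python
import hashlib
import hmac

API_KEY = b"constructed-demo-key"  # constructed value; hypothetical shared secret


def csrf_check(cookies, form):
    """Simplified double-submit cookie check (a model, not Django's code)."""
    cookie = cookies.get("csrftoken")
    if cookie is None:
        # A script that POSTs without first fetching a page has no cookie.
        return "403 No CSRF cookie"
    token = form.get("csrfmiddlewaretoken", "")
    # A cross-site page makes the browser send the cookie but cannot read it,
    # so it cannot echo the same value back in the form body.
    if not hmac.compare_digest(cookie.encode(), token.encode()):
        return "403 CSRF token missing or incorrect"
    return "200 OK"


def sign(body, key=API_KEY):
    """HMAC-SHA256 over the raw request body (assumed scheme)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def api_check(headers, body):
    """CSRF-exempt endpoint: no ambient cookie, the request proves itself."""
    sig = headers.get("X-Signature", "")  # hypothetical header name
    if not hmac.compare_digest(sig.encode(), sign(body).encode()):
        return "401 bad signature"
    return "200 OK"


def demo():
    """Run the cases from the thread on constructed requests."""
    body = b"benchmark=float&result_value=4000"  # constructed sample payload
    return {
        "script_no_cookie": csrf_check({}, {"result_value": "4000"}),
        "browser_form": csrf_check({"csrftoken": "t0k"},
                                   {"csrfmiddlewaretoken": "t0k"}),
        "forged_cross_site": csrf_check({"csrftoken": "t0k"}, {}),
        "api_unsigned": api_check({}, body),
        "api_signed": api_check({"X-Signature": sign(body)}, body),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(case, "->", status)
```

Exempting a single view leaves the check in place for every other view, whereas removing `CsrfViewMiddleware` from the settings drops it site-wide, including for any cookie-authenticated pages.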
