javascript - CSRF Token refresh in different browsers -


i new django , web development @ all, faced problem csrf tokens

prerequisites: wagtail-based web-site , django rest api on different domains

on website have login form (which includes {% csrf_token %}).

the js script on submit:

function gettoken(){         document.cookie = "path=/; csrftoken = {% csrf_token %}";         var xhr = new xmlhttprequest();         xhr.open('post', url, false);         xhr.setrequestheader("content-type", "application/json;charset=utf-8");         xhr.setrequestheader("x-csrftoken", $.cookie('csrftoken'));         xhr.send(json.stringify({"username":document.getelementbyid("login").value,                         "password":document.getelementbyid("password").value}));         if (xhr.status != 200) {             alert( "err" );                     }         else {             alert( xhr.responsetext );             document.cookie = "token = " + json.parse(xhr.responsetext).key;                 }         } 

in chrome everyting works fine, in ie , opera after successful login show me

403: csrf verification failed. request aborted.  

after refresh page in ie , opera everyting fine, see logged in user.

also noticed: before , after login csrf token same, , in other browsers changes.

can please?


Comments