I am new to Django and web development at all, and faced a problem with CSRF tokens.
Prerequisites: a Wagtail-based website and a Django REST API on different domains.
On the website I have a login form (which includes {% csrf_token %}).
The JS script on submit:
    function gettoken() {
        document.cookie = "path=/; csrftoken = {% csrf_token %}";
        var xhr = new XMLHttpRequest();
        // third argument false: synchronous request
        xhr.open('POST', url, false);
        xhr.setRequestHeader("Content-Type", "application/json;charset=utf-8");
        xhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
        xhr.send(JSON.stringify({
            "username": document.getElementById("login").value,
            "password": document.getElementById("password").value
        }));
        if (xhr.status != 200) {
            alert("err");
        } else {
            alert(xhr.responseText);
            document.cookie = "token = " + JSON.parse(xhr.responseText).key;
        }
    }
In Chrome everything works fine; in IE and Opera, after successful login, it shows me
403: CSRF verification failed. Request aborted.
After refreshing the page in IE and Opera everything is fine, and I see the logged-in user.
I also noticed: before and after login the CSRF token is the same, and in other browsers it changes.
Can anyone help, please?
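
Added example, not part of the original post: how a browser splits a string assigned to `document.cookie` (the RFC 6265 section 5.2 rules, simplified), applied to the two assignments in the script above. The function name `parseCookieAssignment`, the token value and the key `abc123` are constructed for illustration.

```javascript
// Simplified RFC 6265 section 5.2 parsing of a string assigned to document.cookie.
// Only the FIRST name=value pair becomes the cookie; later pairs are attributes.
function parseCookieAssignment(str) {
  const parts = str.split(';');
  const first = parts.shift();
  const eq = first.indexOf('=');
  if (eq === -1) return null; // no name=value pair: the string is ignored
  const cookie = {
    name: first.slice(0, eq).trim(),    // whitespace around name and value is trimmed
    value: first.slice(eq + 1).trim(),
    attributes: {},                     // recognised attributes
    ignored: [],                        // unrecognised attribute names are dropped
  };
  const known = ['expires', 'max-age', 'domain', 'path', 'secure', 'httponly', 'samesite'];
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim();
    const val = i === -1 ? '' : part.slice(i + 1).trim();
    if (known.includes(key.toLowerCase())) cookie.attributes[key.toLowerCase()] = val;
    else if (key) cookie.ignored.push(key);
  }
  return cookie;
}

// Constructed placeholder standing in for whatever the template tag renders.
const SAMPLE_TOKEN = 'CONSTRUCTED-TOKEN-VALUE';

// Order used in the post: "path" is taken as the cookie name.
const asPosted = parseCookieAssignment('path=/; csrftoken = ' + SAMPLE_TOKEN);
// Cookie pair first, attribute second.
const pairFirst = parseCookieAssignment('csrftoken=' + SAMPLE_TOKEN + '; path=/');
// The second assignment in the post has the pair first, so it sets "token".
const tokenCookie = parseCookieAssignment('token = ' + 'abc123');

console.log(asPosted);    // cookie named "path"; "csrftoken" lands in ignored
console.log(pairFirst);   // cookie named "csrftoken" with path attribute "/"
console.log(tokenCookie); // cookie named "token"
```

With the pair order used in the post, that line creates a cookie named `path`, so `$.cookie('csrftoken')` returns only whatever `csrftoken` cookie already exists for the page's own domain.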