4

in template:

<script type="text/javascript">
        $.ajax({
             type:"POST",
             url:"{% url DrHub.views.ajxTest %}",
             data: {
                    'start': $('#id_startTime').val(),
                    'end': $('#id_endTime').val(),
                    'csrfmiddlewaretoken': '{{ csrf_token }}'
             },
             success: function(data){
                 alert(data);
             }
        });
</script>
.
.
.
<form method='POST' action=".">
    {% csrf_token %}
    <input type="text id="id_startTime" />
    <input type="text id="id_endTime" />
    <input type="submit" value="send" />
</form>

in views:

def ajxTest(request):
   if request.is_ajax():
      if request.method == 'POST':
         return HttpResponse(json.dumps({'message' : 'awesome'},ensure_ascii=False), mimetype='application/javascript')

in settings.py:

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.locale.LocaleMiddleware',
)

when submitting form I have this error:CSRF verification failed. Request aborted.

I searched alot but none of suggested solutions worked for me!

like : Django CSRF check failing with an Ajax POST request

and : Ajax Post in Django framework?

I refreenced to a js file with this content:

$.ajaxSetup({ 
     beforeSend: function(xhr, settings) {
         function getCookie(name) {
             var cookieValue = null;
             if (document.cookie && document.cookie != '') {
                 var cookies = document.cookie.split(';');
                 for (var i = 0; i < cookies.length; i++) {
                     var cookie = jQuery.trim(cookies[i]);
                     // Does this cookie string begin with the name we want?
                 if (cookie.substring(0, name.length + 1) == (name + '=')) {
                     cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                     break;
                 }
             }
         }
         return cookieValue;
         }
         if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
             // Only send the token to relative URLs i.e. locally.
             xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
         }
     } 
});

but this didn't work,too!

And I saw a solution that say use ajaxSetup instead of ajaxSend to post data,how can I do this?

Improve this question
12
  • 1
    have you checked in the firebug that the CSRF token value are being posted Commented Feb 21, 2012 at 18:44
  • I don't know how to use firebug :D Commented Feb 21, 2012 at 18:45
  • 2
    you can get it from here getfirebug.com its a firefox extension Commented Feb 21, 2012 at 18:47
  • I installed firebug but I didn't understand it! Commented Feb 21, 2012 at 19:18
  • when your page is loaded press f12 a window will popup infront of you, now inside that window go to Net tab and inside that tab select XHR, now do the ajax request it will be shown there Commented Feb 21, 2012 at 19:28

8 Answers 8

Reset to default
5

You should pull the csrfmiddlewaretoken from the dom element:

{'csrfmiddlewaretoken':$( "#csrfmiddlewaretoken" ).val()}

The above is exactly what I do in several places and it works.

Edit just to add some clarity drawing from your material:

<script type="text/javascript">
    $.ajax({
         type:"POST",
         url:"{% url DrHub.views.ajxTest %}",
         data: {
                'start': $('#id_startTime').val(),
                'end': $('#id_endTime').val(),
                'csrfmiddlewaretoken':$( "#csrfmiddlewaretoken" ).val()
         },
         success: function(data){
             alert(data);
         }
    });
</script>
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Try adding this: 'django.middleware.csrf.CsrfResponseMiddleware', directly below 'django.middleware.csrf.CsrfViewMiddleware',
adding this line cause this error:A server error occurred. Please contact the administrator.
what version of django are you using?
django is 1.3,what do U think?
My version of django (1.7) doesn't give the hidden element an id, so #csrf... won't work. Instead I needed to get the element using a name selector: $('[name=csrfmiddlewaretoken]').val().
4

having this a refrence to a js file with this content was my solution:

jQuery(document).ajaxSend(function(event, xhr, settings) {
    function getCookie(name) {
        var cookieValue = null;
        if (document.cookie && document.cookie != '') {
            var cookies = document.cookie.split(';');
            for (var i = 0; i < cookies.length; i++) {
                var cookie = jQuery.trim(cookies[i]);
                // Does this cookie string begin with the name we want?
                if (cookie.substring(0, name.length + 1) == (name + '=')) {
                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                    break;
                }
            }
        }
        return cookieValue;
    }
    function sameOrigin(url) {
        // url could be relative or scheme relative or absolute
        var host = document.location.host; // host + port
        var protocol = document.location.protocol;
        var sr_origin = '//' + host;
        var origin = protocol + sr_origin;
        // Allow absolute or scheme relative URLs to same origin
        return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||
            (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||
            // or any other URL that isn't scheme relative or absolute i.e relative.
            !(/^(\/\/|http:|https:).*/.test(url));
    }
    function safeMethod(method) {
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    }

    if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
        xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
    }
});
Improve this answer

Comments

4

There's also another shortcut to this. I wouldn't know if the security thing here is of so much value and importance. I ran into this problem but there seems to be a lot of hacks around this that end up trying to submit the csrftoken from an existing cookie. I don't know what would happen if this cookie does not exist or was not set.

My approach was to add a @csrf_exempt to the view that processes the ajax post. You import the csrf_exempt from django.views.decorators.csrf

Like this: 

from django.views.decorators.csrf import csrf_exempt

And than, from the view method:

@csrf_exempt
def the_method_to_be_called(request):

...

see this link

Improve this answer

Comments

1

in HTML(template)

{% csrf_token %}

in JS

$.ajax({
    type: "POST",
    url: '/brand-admin/publish_article/',
    data: {
      'article_id': article_id,
      'csrfmiddlewaretoken':$( "input[name='csrfmiddlewaretoken']" ).val()
    },
    dataType: 'json',
    success: function (data) {
      console.log(data);
    }
  });
Improve this answer

Comments

1

I have solve it by doing following:

let data = {};
data.somedata = somedata;
data.csrfmiddlewaretoken = '{{ csrf_token }}';

  $.ajax({
          type: 'POST',
          url: "/myadmin/user/medical/"+rowId,
          data: data,
          dataType: "json",
          success: function(resultData) { alert("Save Complete") }
        });

Hope this will work for someone.

Improve this answer

Comments

0

Please add the csrfmiddlewaretoken as csrfmiddlewaretoken: {% csrf_token %} in your js.

<script type="text/javascript">
        $.ajax({
             type:"POST",
             url:"{% url DrHub.views.ajxTest %}",
             data: {
                    'start': $('#id_startTime').val(),
                    'end': $('#id_endTime').val(),
                    'csrfmiddlewaretoken': '{% csrf_token %}'
             },
             success: function(data){
                 alert(data);
             }
        });
</script>
Improve this answer

Comments

0

If the {% csrf_token %} is in your form on your template:

<form id="the-form" autocomplete="off">
    {% csrf_token %}
    <input type="text" name="q">
    <input type="submit" value="Submit">
</form>

you should be able to send it up using:

$("#the-form").submit(function(e){
  e.preventDefault();
  $.ajax({
    type: "POST",
    url: "/post-url",
    data: $("#the-form").serialize(),
    success: function(data){
      console.log(data);
    }
  });
});
Improve this answer

Comments

0

SIMPLEST WAY: csrfmiddlewaretoken will be available in dom elements.

Just fetch the csrfmiddlewaretoken from the dom elements using the name as shown below:

'csrfmiddlewaretoken': $("input[name=csrfmiddlewaretoken]").val()

You can fetch it by id also, but sometimes that dom element won't be carrieng id, So this is the best way.

You can just copy paste the following code:

    $.ajax({
        type:"POST",
        url:"{% url DrHub.views.ajxTest %}",
        data: {
                'start': $('#id_startTime').val(),
                'end': $('#id_endTime').val(),
                'csrfmiddlewaretoken': $("input[name=csrfmiddlewaretoken]").val()
        },
        success: function(data){
            alert(data);
        }
    });
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.