Re: Issue with CsrfViewMiddleware and "referer" checking for trusted and secure subdomains

2015-05-29 Thread Troy Grosfield
This same issue is being discussed here as well:

- https://groups.google.com/forum/#!topic/django-developers/tEEw02RhV0M

On Friday, May 29, 2015 at 8:23:43 AM UTC-6, Troy Grosfield wrote:
> Thanks @andre for the idea. I have seen the stuff from django-cors-headers and use that app i

Re: Issue with CsrfViewMiddleware and "referer" checking for trusted and secure subdomains

2015-05-29 Thread Troy Grosfield
Thanks @andre for the idea. I have seen the stuff from django-cors-headers and use that app in my app. However, I can't help but feel like changing the *request.META['HTTP_REFERER']* feels way too hacky for my liking. I know this would work as a workaround until the ticket that @ramiromorales

Re: Issue with CsrfViewMiddleware and "referer" checking for trusted and secure subdomains

2015-05-29 Thread Ramiro Morales
On Fri, May 29, 2015 at 12:41 AM, Troy Grosfield wrote:
> I have the following domain and subdomains; both are trusted and both are secure (https):
>
> https://example.com
> https://api.example.com
>
> When making POST ajax request from https://example.com to https://api.example.com I see t

Re: Issue with CsrfViewMiddleware and "referer" checking for trusted and secure subdomains

2015-05-29 Thread André Tavares
Hey, I also came across this "issue", which I believe will become very common as architectures like the one described above are starting to be more common. Moreover, IMHO the overall way that Django handles CORS issues is sub-optimal... another issue that I keep bumping against is having multiple

Re: Issue with CsrfViewMiddleware and "referer" checking for trusted and secure subdomains

2015-05-28 Thread Troy Grosfield
Don't want to do csrf_exempt because I need csrf protection since I'm posting data to the api. This works in cases where the site isn't secure (https), but once the code is moved to prod (secure site) it fails.

On Thursday, May 28, 2015 at 11:09:04 PM UTC-6, Josh Smeaton wrote:
> Forgive me,

Re: Issue with CsrfViewMiddleware and "referer" checking for trusted and secure subdomains

2015-05-28 Thread Josh Smeaton
Forgive me, but wouldn't you just declare those views as csrf_exempt? A csrf token at one site isn't going to be valid at another, right?

On Friday, 29 May 2015 13:44:42 UTC+10, Troy Grosfield wrote:
> I have the following domain and subdomains; both are trusted and both are secure (https):
>

Issue with CsrfViewMiddleware and "referer" checking for trusted and secure subdomains

2015-05-28 Thread Troy Grosfield
I have the following domain and subdomains; both are trusted and both are secure (https):

- https://example.com
- https://api.example.com

When making a POST ajax request from *https://example.com* to *https://api.example.com* I see the following error message:

1. detail: "CSRF Failed: R