I have the following domain and subdomains both are trusted and both are
secure (https):
- https://example.com
- https://api.example.com
When making POST ajax request from *https://example.com* to
*https://api.example.com* I see the following error message:
1. detail: "CSRF Failed: R
>
> Forgive me, but wouldn't you just declare those views as csrf_exempt? A
> csrf token at one site isn't going to be valid at another, right?
>
> On Friday, 29 May 2015 13:44:42 UTC+10, Troy Grosfield wrote:
>>
>> I have the following domain and subdom
orales wrote:
>
> On Fri, May 29, 2015 at 12:41 AM, Troy Grosfield
> > wrote:
> >
> > I have the following domain and subdomains both are trusted and both are
> secure (https):
> >
> > https://example.com
> > https://api.example.com
> >
This same issue is being discussed here as well:
- https://groups.google.com/forum/#!topic/django-developers/tEEw02RhV0M
On Friday, May 29, 2015 at 8:23:43 AM UTC-6, Troy Grosfield wrote:
>
> Thanks @andre for the idea. I have seen the stuff from
> django-cors-headers and use
I just recently posted on the same issue:
- https://groups.google.com/forum/#!topic/django-developers/6kUiODYObnU
I definitely would like to see some change to make communicating between
trusted subdomains easier. In my case it's *https://example.com* posting
data to *https://api.exampl