How to add CROS data in request and response to Django?

N

Neoliz2015-12-06 17:36:30

JavaScript

Neoliz, 2015-12-06 17:36:30

Good evening! Help me please! There is a certain script that hangs, let's say, on the site lalalala.ru,
you need to send ajax from this script to the server on which django hangs and process it inside the framework.
Those. here is part of the code. :
js:

$.ajax({
            url: "http://127.0.0.1:8000/widgets/ie",
            type: 'POST',
            data: {
                number: number,
                site: site,
            },
            dataType:"json",
            error: function() {
                    //window.location.href = "{{url}}/crm/todos/";
                alert("bad");
            },
            // При успехе меняем информацию в шаблоне
                success: function(data){
                   // window.location.href = "{{url}}/crm/todos/";
                    //printModalOpen(data.name, data.info, data.date, data.metka, data.pk);
                alert("ya");
                },
            // CSRF механизм защиты Django
                beforeSend: function(xhr, settings) {
                    console.log('-------------before send--');
                    function getCookie(name) {
                        var cookieValue = null;
                        if (document.cookie && document.cookie != '') {
                            var cookies = document.cookie.split(';');
                            for (var i = 0; i < cookies.length; i++) {
                                var cookie = jQuery.trim(cookies[i]);
                                // Does this cookie string begin with the name we want?
                            if (cookie.substring(0, name.length + 1) == (name + '=')) {
                                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                                break;
                            }
                        }
                    }
                    return cookieValue;
                    }
                    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
                        // Only send the token to relative URLs i.e. locally.
                        xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
                    }
                }
            });// ajax

There are two problems:
1) You need to hook Access-Control-Allow-Origin, both in the request and in the response, because the request fails without it. I picked Google, but I didn’t find a guide or how to do it.
2) How can I make a request with csrf_token?? those. I'm not on the Django site, but on another. How can I send a request there??? Please help and don't throw tomatoes, I'm just learning!))

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

sim3x, 2015-12-06
@sim3x

https://docs.djangoproject.com/en/1.9/ref/csrf/#ajax
top request response
https://www.google.com/search?q=django+csrf_token+...

H

huko, 2015-12-07
@huko

https://github.com/ottoyiu/django-cors-headers/
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def bla-bla(request):
will disable crfs validation for this feature only