All geek questions in one place

How to convert Django HttpResponse to a Django processing call

I have the following code

def ajax_login_request(request): try: request.POST[u'login'] dictionary = request.POST except: dictionary = request.GET user = authenticate(username = dictionary[u'login'], password = dictionary[u'password']) if user and user.is_active: login(request, user) result = True else: result = False response = HttpResponse(json.dumps(result), mimetype = u'application/json') return response

which is called through ajax. I am noob, and this is from an example in the book. Unfortunately, the version of Django that I am using causes a CSRF error. I made other CSRF bits, but I don't know how to change the HttpResponse bit to a render call. I do not want to use CSRF_exempt, because I have no idea when it is appropriate. Can someone please provide me with the equivalent render call for the HttpResponse above.

thanks

+6
source share
2 answers

For your source code to work, you need to get the RequestContext object and pass it along with your answer, something like this:

 from django.http import HttpResponse from django.template import RequestContext, Template def ajax_login_request(request): # ... # This bit of code adds the CSRF bits to your request. c = RequestContext(request,{'result':json.dumps(result)}) t = Template("{{result}}") # A dummy template response = HttpResponse(t.render(c), mimetype = u'application/json') return response

Read the CSRF documentation as you may encounter strange errors if you do not understand how the CSRF is β€œconnected” in your application. There is also a javascript snippet on the page to make sure CSRF cookies are sent with your ajax requests if you send them without a form.

You can also use the render_to_response () shortcut, but you will need to load the actual template (in your case you aren’t "I need a template, hence the" dummy "template in my example).

+7
source

Ok, I'm going to reverse engineer this answer so that you understand where I come from. The CSRF tool works as follows:

 You make request -------> request hits csrf --(invalid/no token)--> render 403 middleware | (valid token) | \ / Call view | \ / middleware sets csrf cookie | \ / Response appears

In other words, if you see the 403 csrf page, your opinion has never been called up. You can confirm this by inserting a false print statement in the view and looking at the output from runserver when you make your request.

To solve this problem, you need to either disable csrf (not good) or use one of the ajax methods available to you . If the required token is passed in your view, it will actually be executed.

The reason your opinion is not being called is to prevent the reality from the fake website from ever happening - for example, if you reject the template during the response, the user will already be logged in. The same thing happens with Decorators functions.

As for middleware, a cookie that does not change at all or is independent of the rendering function sets the HTTP Cookie: ... header Cookie: ... in the response. All answers in Django are HttpResponse objects until they finally convert them to output; render functions are helpers, but that is not what causes your problem here.

Change I will transform what you have into call rendering. You can do it:

 return render_to_response(`ajax_templates/login_response.html`, {'loginresponse': json.dumps(result)})

Where ajax_templates/login_response.html true:

 {% loginresponse %}

What is it. HttpResponse has a basic default argument that returns a string (literally, html web page); what are you doing initially. render_to_response and render are shortcuts for this that do this:

 render_to_response called ----> open template asked for --> substitute arguments | \ / django instructs web server <--- return this from view <-- create HttpResponse to send to client object
+7
source

Source: https://habr.com/ru/post/902750/

More articles:


All Articles