Electronics & Programming

develissimo

Open Source electronics development and programming


#1 Dec. 7, 2010 10:40:55

g.

Django CSRF 1.2


I have a Perl test script for a Django connection test. It works on
the Django 1.1 admin login page, but doesn't work on 1.2. The request
contains:
<div id="summary">
<h1>Forbidden <span>(403)</span></h1>
<p>CSRF verification failed. Request aborted.</p>
</div>

Here is the perl script:
$response = $ua->get("$url/admin/");
my @lines = grep /id='csrfmiddlewaretoken'/,$response->content;
# ([^']+) is an assumed capture group for the token value
$lines[0] =~ /id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='([^']+)'/;
$csrfid=$1;
my $req = HTTP::Request->new(POST => "$url/admin/",
);
$req->header('Referer', "$url/admin/");
$ua->cookie_jar->add_cookie_header($req);
$response = $ua->request($req);

What's wrong? Have I forgotten something?
1. Read the csrf hidden input
2. Keep cookies
3. Set csrf input to POST
4. Set cookie to headers
5. Set refer page (because of HTTPS connection)
6. Make a POST request

Where can I find a similar Python script to test the login page?







--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.


#2 Dec. 7, 2010 14:25:36

g.

Django CSRF 1.2


I'm sorry, the error was in my PERL code:
$req->content("csrfmiddlewaretoken=$csrfid");
is the correct POST request setting.

On Dec 7, 11:40 am, gentlestone <tibor.b...@hotmail.com> wrote:
> I have a Perl test script for a Django connection test. It works on
> the Django 1.1 admin login page, but doesn't work on 1.2. The request
> contains:
> <div id="summary">
>   <h1>Forbidden <span>(403)</span></h1>
>   <p>CSRF verification failed. Request aborted.</p>
> </div>
>
> Here is the perl script:
> $response = $ua->get("$url/admin/");
> my @lines = grep /id='csrfmiddlewaretoken'/,$response->content;
> # ([^']+) is an assumed capture group for the token value
> $lines[0] =~ /id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='([^']+)'/;
> $csrfid=$1;
> my $req = HTTP::Request->new(POST => "$url/admin/",
> );
> $req->header('Referer', "$url/admin/");
> $ua->cookie_jar->add_cookie_header($req);
> $response = $ua->request($req);
>
> What's wrong? Have I forgotten something?
> 1. Read the csrf hidden input
> 2. Keep cookies
> 3. Set csrf input to POST
> 4. Set cookie to headers
> 5. Set refer page (because of HTTPS connection)
> 6. Make a POST request
>
> Where can I find a similar Python script to test the login page?

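The six steps listed in the first post, with the fix from the follow-up (the token goes in the POST body), as an added Python example that is not part of the original thread. The HTML and cookie are constructed samples, the function names are hypothetical, and `csrf_problems` is a simplified local model of the token and Referer checks, not Django's code.

```python
import re
import urllib.parse
import urllib.request
from http.cookies import SimpleCookie

# Constructed sample data (not captured traffic); the token is a placeholder.
SAMPLE_SET_COOKIE = "csrftoken=0123456789abcdef0123456789abcdef; Path=/"
SAMPLE_LOGIN_HTML = (
    "<form action='/admin/' method='post'>"
    "<input type='hidden' id='csrfmiddlewaretoken' "
    "name='csrfmiddlewaretoken' value='0123456789abcdef0123456789abcdef' />"
    "</form>"
)
TOKEN_RE = re.compile(r"name='csrfmiddlewaretoken'\s+value='([^']+)'")


def extract_token(html):
    """Step 1: read the hidden csrfmiddlewaretoken input."""
    match = TOKEN_RE.search(html)
    if match is None:
        raise ValueError("no csrfmiddlewaretoken input found")
    return match.group(1)


def build_login_post(base_url, html, set_cookie, fields):
    """Steps 2-6: token in the POST body, cookie and Referer in the headers."""
    jar = SimpleCookie(set_cookie)
    body = dict(fields, csrfmiddlewaretoken=extract_token(html))
    req = urllib.request.Request(
        base_url + "/admin/",
        data=urllib.parse.urlencode(body).encode("ascii"),
        method="POST",
    )
    req.add_header("Cookie", "csrftoken=" + jar["csrftoken"].value)
    req.add_header("Referer", base_url + "/admin/")
    return req


def csrf_problems(req):
    """Simplified local model of the server-side checks (not Django's code)."""
    problems = []
    form = urllib.parse.parse_qs((req.data or b"").decode("ascii"))
    jar = SimpleCookie(req.get_header("Cookie", ""))
    sent = form.get("csrfmiddlewaretoken", [""])[0]
    if "csrftoken" not in jar or sent != jar["csrftoken"].value:
        problems.append("token in POST body does not match csrftoken cookie")
    if req.full_url.startswith("https://") and not req.get_header("Referer"):
        problems.append("HTTPS POST without a Referer header")
    return problems
```

Passing the returned request to `urllib.request.urlopen` would send it; running `csrf_problems` first shows locally whether the body, cookie and Referer are consistent.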
