Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » Django
  • » "CSRF verification failed" when sending simple GET request using curl [RSS Feed]

#1 Jan. 19, 2011 12:04:12

s.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


I'm new to Django. I have installed the latest Django and completed
the four-page tutorial. I created a very simple view as below:

========
from django.http import HttpResponse

def test(request):
return HttpResponse('My name is ' + request.GET)
========

I'm able to navigate to "http://localhost:8000/demo/test?name=Bob"; and
get the following response:

My name is Bob


However, when I tried this:

$ curl -d "name=Bob"http://localhost:8000/demo/testI got some errors like this:

========
Forbidden (403)
CSRF verification failed. Request aborted.

Help
Reason given for failure:
No CSRF or session cookie.

...
========

Does anyone have any ideas?

Thanks.

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#2 Jan. 19, 2011 12:14:47

Jirka V.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


> However, when I tried this:
>
>    $ curl -d "name=Bob"http://localhost:8000/demo/testcurl -d sends data using POST method, not GET method (see curl
documentation). Django expects CSRF token in all POST requests, checkhttp://docs.djangoproject.com/en/dev/ref/contrib/csrf/HTH

Jirka

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#3 Jan. 19, 2011 12:16:16

Martin P.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


-d flag sends the specified data in a POST request to the HTTP server, since
you don't supply CSRF token, Django assumes the post is malicious.
See morehttp://docs.djangoproject.com/en/dev/ref/contrib/csrf/?from=olddocs--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#4 Jan. 19, 2011 12:24:22

Martin P.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


curl -d "name=Bob" -Ghttp://localhost:8000/demo/test--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#5 Jan. 19, 2011 23:07:12

s.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


How do I add CSRF token to curl then?

What if I wanna expose my views as web services without providing a
UI, how do I make sure clients (e.g. Ajax, actionscript, etc) can use
it without this CSRF issue?


Thanks.

On Jan 19, 4:14 am, Jirka Vejrazka <jirka.vejra...@gmail.com> wrote:
> > However, when I tried this:
>
> >    $ curl -d "name=Bob"http://localhost:8000/demo/test>
>   curl -d sends data using POST method, not GET method (see curl
> documentation). Django expects CSRF token in all POST requests,
> checkhttp://docs.djangoproject.com/en/dev/ref/contrib/csrf/>
>    HTH
>
>      Jirka

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#6 Jan. 19, 2011 23:26:54

Andy M.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


> What if I wanna expose my views as web services without providing a
> UI, how do I make sure clients (e.g. Ajax, actionscript, etc) can use
> it without this CSRF issue?

You can mark things as exempt if you'd like to and are aware of the
implications:http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#exceptions--
Andy McKay
a...@clearwind.ca
twitter: @andymckay


--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#7 Jan. 20, 2011 01:01:49

s.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


Is there a way to completely disable CSRF handling?

Is there an documentation about how to create web services APIs using
Django without frontends?

Thanks.

On Jan 19, 3:26 pm, Andy McKay <a...@clearwind.ca> wrote:
> > What if I wanna expose my views as web services without providing a
> > UI, how do I make sure clients (e.g. Ajax, actionscript, etc) can use
> > it without this CSRF issue?
>
> You can mark things as exempt if you'd like to and are aware of the
> implications:
>
>http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#exceptions> --
>   Andy McKay
>   a...@clearwind.ca
>   twitter: @andymckay

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#8 Jan. 20, 2011 04:09:29

a.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


maybe use something like pistonhttps://bitbucket.org/jespern/django-piston/wiki/Home--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#9 Jan. 20, 2011 10:20:02

Daniel R.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


On Wednesday, January 19, 2011 11:07:04 PM UTC, scabbage wrote:
>
> How do I add CSRF token to curl then?
>
> What if I wanna expose my views as web services without providing a
> UI, how do I make sure clients (e.g. Ajax, actionscript, etc) can use
> it without this CSRF issue?
>
>
> Thanks.
>

AJAX requests are automatically CSRF exempt. See:http://docs.djangoproject.com/en/1.2/ref/contrib/csrf/#ajax--
DR.

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#10 Jan. 20, 2011 12:57:18

Shawn M.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

"CSRF verification failed" when sending simple GET request using curl


On Jan 19, 2011, at 8:01 PM, scabbage wrote:

> Is there a way to completely disable CSRF handling?

Sure, just remove the CSRF middleware from your settings.py.


--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

  • Root
  • » Django
  • » "CSRF verification failed" when sending simple GET request using curl [RSS Feed]

Board footer

Moderator control

Enjoy the 19th of August
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support