Post to the server. : Forums : PythonAnywhere

Post to the server.

Hi, I have a post request that is going through, on my app, https://github.com/derekriemer/derek-django My app gets the users location and then makes a post request to the server on pythonanywhere, but it seems that it isn't working. It works perfectly fine on my machine, reloading the view when the weather data comes in for python with manage.py runserver, however, Is there a caveat with pythonanywhere and post requests? It seems that the post request doesn't even go through. my javascript looks like this if it is of any help.

        var csrftoken = $.cookie('csrftoken');
    function csrfSafeMethod(method) {
        // these HTTP methods do not require CSRF protection
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    }
    $.ajaxSetup({
        beforeSend: function(xhr, settings) {
            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrftoken);
            }
        }
    });
    $.post("forecast",
    {
        lat : position.coords.latitude,
        lng : position.coords.longitude,
        page: page
    },
    function(data, status){
        document.write(data);
        alert(data+"\n\n"+status);
        setTimeout(function(){
            document.getElementById("skip").setFocus();
        }, 30);;
    });

    });

deleted-user-755968 | 17 posts | May 12, 2015, 3:25 a.m. | permalink

How can you tell the POST request isn't coming through? Is anything appearing in the access logs? What do you see if you open up your browser's debug console (Ctrl+shift+I)? What response are you getting to the ajax requests?

harry | 2710 posts | PythonAnywhere staff | May 12, 2015, 6:28 a.m. | permalink

It seems that somehow my crfs token isn't being given in a cookie to my site at derekriemer.pythonanywhere.com. It works fine on my local machine, and I am not sure why this cookie isn't being given out whith requests.

deleted-user-755968 | 17 posts | May 12, 2015, 3:38 p.m. | permalink

Could this be because pythonanywhere is a subdomain and my browser isn't receiving cookies from derekriemer.pythonanywhere but just pythonanywhere?

deleted-user-755968 | 17 posts | May 12, 2015, 3:40 p.m. | permalink

I changed this so to using {% csrf_token %} and then getting the token from there and it worked. I am not sure if this is secure though.

deleted-user-755968 | 17 posts | May 12, 2015, 5:28 p.m. | permalink

that shouldn't be a big security problem as that is what you use when you are submitting a non-ajax form.

what happens if you look at what the value of your csrftoken is? ie. if you just console log it when beforeSend is called. Is your csrf token out of scope of your beforeSend function? and is the $.cookie function actually returning the token?

conrad | 4232 posts | PythonAnywhere staff | May 14, 2015, 12:09 p.m. | permalink

The cookie isn't even there. My csrf tok,token is for the cookie for the domain pythonanywhere.com, not my subdomain.

deleted-user-755968 | 17 posts | May 14, 2015, 7:35 p.m. | permalink

Oh. Are you also loading jquery's cookie plugin? Otherwise $.cookie('csrftoken') doesn't actually work... Just straight from django documentation, try replacing that line with this whole chunk of code.

function getCookie(name) {
    var cookieValue = null;
    if (document.cookie && document.cookie != '') {
        var cookies = document.cookie.split(';');
        for (var i = 0; i < cookies.length; i++) {
            var cookie = jQuery.trim(cookies[i]);
            if (cookie.substring(0, name.length + 1) == (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                break;
            }
        }
    }
    return cookieValue;
}
var csrftoken = getCookie('csrftoken');

conrad | 4232 posts | PythonAnywhere staff | May 15, 2015, 11:45 a.m. | permalink

Did this ever get resolved? I have much the same problem.

I have added the line <code>alert($.cookie('csrftoken'));</code> to my page. Running locally this pops up with the token on pythonanywhere it gives 'undefined'

deleted-user-1796520 | 2 posts | Oct. 14, 2016, 6:25 p.m. | permalink

Do you have a URL you could share that demonstrates the problem?

giles | 12640 posts | PythonAnywhere staff | Oct. 14, 2016, 6:54 p.m. | permalink

(If it's not something you'd like to post publicly, but you're willing to share it with the PythonAnywhere team so that we can help debug, then just use the "Send feedback" link at the top of the page.)

giles | 12640 posts | PythonAnywhere staff | Oct. 14, 2016, 6:54 p.m. | permalink

Site is here: http://djtroll.pythonanywhere.com/kaleido/game/2 Code for the app (not the site - I had problems with that, but that is another story) is on github: https://github.com/DaveTheTroll/Kaleido

(Reply was delayed as I've been AFK for a few days)

deleted-user-1796520 | 2 posts | Oct. 18, 2016, 12:47 p.m. | permalink

Maybe double check that your middleware etc is in the correct order? And or try stripping out things until you get your csrf token back?

conrad | 4232 posts | PythonAnywhere staff | Oct. 18, 2016, 1:51 p.m. | permalink