|
Having some 403 issues with attempting to pass a CSRF token. I've run through every article and discussion I can find on SO about it but I'm running into a brick wall. According to the django docs I've done this bit regarding creation of the token and passing it into the header code:
code:
code:
When I inspect the 403 error I can see the csrftoken being generated in the cookies request header cookie. Is there something I'm overlooking? From what I understand the csrf middleware should be handling the validation, and I don't need to worry about receiving and processing the cookie do I? The specific error I'm getting is just the "Forbidden (CSRF token missing or incorrect.)" error.
|
# ? Feb 16, 2018 19:41 |
|
|
# ? May 16, 2024 07:59 |
|
Portland Sucks posted:Having some 403 issues with attempting to pass a CSRF token. I've run through every article and discussion I can find on SO about it but I'm running into a brick wall. I'm not sure what's going wrong, but the alternate way to do that (and easier, IMHO), is to use javascript to retrieve the token from the element created by {% csrf_token %} and then add it to the data parameter in your AJAX call manually.
|
# ? Feb 20, 2018 15:05 |
I want to generate a CSV and then write it to a Django FileField (which is using django-storages to upload to s3):code:
code:
|
|
# ? Feb 22, 2018 02:19 |
|
I think you need to use one of the components underneath the wrapper to use it that way. I remember the docs being tricky with that. I can look tomorrow, but also try doing a dir() on that wrapper object to see what your options are.
|
# ? Feb 22, 2018 04:16 |
|
Hed posted:I think you need to use one of the components underneath the wrapper to use it that way. I remember the docs being tricky with that. I can look tomorrow, but also try doing a dir() on that wrapper object to see what your options are. Fairly sure you're correct and he just wants to change the last line to code:
|
# ? Feb 22, 2018 19:14 |
Eleeleth posted:Fairly sure you're correct and he just wants to change the last line to Thanks for the responses guys. I tried that one and got: code:
code:
|
|
# ? Feb 22, 2018 20:53 |
|
Anyone have experience setting up Django/RabbitMQ/Celery on a windows server? I think I've got everything set up as it should be, but attempting to start workers gives me a WinError 10042 response. I've looked around on google and people are just sort of abstractly saying it may be an issue running on windows even though all three say they supposedly support being ran under windows?
|
# ? Feb 22, 2018 22:12 |
|
fletcher posted:I mean it works but this seems waaay too convoluted I haven't actually paid much attention to what your problem here is, but I just wanted to say that in Django writing to filefields is way too convoluted. It's a weird and bad API.
|
# ? Feb 23, 2018 04:34 |
|
Thermopyle posted:I haven't actually paid much attention to what your problem here is, but I just wanted to say that in Django writing to filefields is way too convoluted. It's a weird and bad API. God yes. It feels like the behaviour is way too inconsistent to actually make sense on a regular basis.
|
# ? Feb 28, 2018 03:18 |
|
Has anyone here used django-treebeard in a project? I'm needing to go down this route for a personal project and am looking for any caveats from anyone who's practically incorporated it.
|
# ? Feb 28, 2018 21:04 |
|
I have a reasonably simple model which I'm having trouble trying to display/edit in a form correctly. For example:code:
Is there a way to display/update the form just based on the system in the ticket instance? Or is my modelling incorrect? I've created a function in the Ticket model to get the relevant hosts and if they're currently selected as well, is there any way to pass and read that to/from my crispy form? code:
hanyolo fucked around with this message at 06:25 on Mar 2, 2018 |
# ? Mar 2, 2018 06:12 |
What does your form class look like? What I typically do is specify the form field with a "queryset=None" attribute, and then in the __init__ method for the form I set the queryset for the field based on extra code, like this: code:
|
|
# ? Mar 2, 2018 06:36 |
|
Ah nice yeah that looks good and makes sense, ill give it a go when im back at work, cheers! Edit: didn't work for me, was getting "TicketForm has no attribute 'system' error". Googled around on stack overflow and found a solution: code:
hanyolo fucked around with this message at 04:15 on Mar 5, 2018 |
# ? Mar 3, 2018 04:20 |
I finally got sick of telling clients look youll probably have to flush your cache before the new feature will work, hold down shift and refresh and decided to buckle down and write some kind of static file caching busting thing. Figured I would store a time stamp of the last modification date of every important js and css file in the settings, maybe pass them to all the templates through a context processor. Pain in the rear end but I knew it would be worth it in the end. Ten minutes of reading later and Im using https://docs.djangoproject.com/en/2.0/ref/contrib/staticfiles/#manifeststaticfilesstorage drat I love batteries included E: wtf, preview ate all my quotes and apostrophes
|
|
# ? Mar 3, 2018 21:17 |
|
For some reason I can't seem to google the right words. If I have a url like Python code:
How do I get Django to not do that, and just return a 404 instead? Edit: Oh I think I'm just looking for APPEND_SLASH = False epswing fucked around with this message at 00:32 on Mar 7, 2018 |
# ? Mar 7, 2018 00:27 |
|
https://docs.djangoproject.com/en/2.0/ref/settings/#append-slash
|
# ? Mar 7, 2018 00:30 |
|
Should be able to set this: https://docs.djangoproject.com/en/2.0/ref/settings/#append-slash
|
# ? Mar 7, 2018 00:31 |
|
Hed posted:Should be able to set this: https://docs.djangoproject.com/en/2.0/ref/settings/#append-slash Yep thanks, I was looking all over for stuff about redirection and I missed the obvious setting.
|
# ? Mar 7, 2018 00:34 |
|
Why would I need to specify a queryset and serializer_class for a viewset that only accepts POST? Or should I not be using a viewset in this situation?
|
# ? Mar 10, 2018 17:35 |
huhu posted:Why would I need to specify a queryset and serializer_class for a viewset that only accepts POST? Or should I not be using a viewset in this situation? I think you may just want to use a CreateAPIView if it only accepts POST: http://www.django-rest-framework.org/api-guide/generic-views/#createapiview
|
|
# ? Mar 10, 2018 21:26 |
|
If we assume the benefits of turning a Django app into a separate DRF backend and <js framework of choice> frontend outweigh the cons in general- what's a good way to handle site configuration? So I have a site that I want to reuse for lots of different clients, but the clients have different requirements, say for example that on one form, a client wants the telephone number field to be mandatory whereas another doesn't. A simple flag for the form / DRF view validation is easy enough but what's a smart (and scalable ) way of passing that sane information to the front end without tightly coupling anything together? Obviously I want to avoid creating a new git repository for each client. This is more of an architecture question than django specific I guess
|
# ? Mar 12, 2018 09:49 |
|
Why not just create a template repo and fork it for each site? I imagine you'd spend so much more time on architecture.
|
# ? Mar 12, 2018 23:21 |
|
huhu posted:Why not just create a template repo and fork it for each site? I imagine you'd spend so much more time on architecture. Do you mean a Django template repo? I don't really like the django templating language. For a few simple forms it's fine but when you want client side validation etc it quickly becomes unmanageable.
|
# ? Mar 13, 2018 12:28 |
No, like a basic common project repo that you keep cloning new projects from, like a template. Thats how I usually go about it, but of course if you have common development you want to feed into all your extant projects it can get out of hand pretty quick.
|
|
# ? Mar 13, 2018 12:36 |
|
I wouldn't go multi-tenant architecture unless that's a key requirement for your system and you are designing this business around this concept. If you just want some deployment conveniences and think multi-tenant will go, It will probably cause you more problems in the long run. What do you do when one client hogs all your I/O or CPU?
|
# ? Mar 13, 2018 15:48 |
Ahz posted:I wouldn't go multi-tenant architecture unless that's a key requirement for your system and you are designing this business around this concept. Another thing to consider would be that when you add some feature for one customer, you need to make sure it doesn't introduce regressions for other customers. I think the common project repo to use as a starting point would be the way to go.
|
|
# ? Mar 13, 2018 20:57 |
|
Does anyone know a way to coerce django-filter to use a certain lookup expression without that lookup expression being part of the filter key when passing it into the filter? For example, a model with a CharField of name. I want the lookup to always be name__icontains, but I don't want people putting ?name__icontains=fred in the URL query parameters. I it to be ?name=fred, while django-filter performs name__icontains='fred' in the background. I know I could just resort to a method to perform the filter but that seems like a last resort.
|
# ? Mar 15, 2018 02:05 |
|
Anyone ever experience the Django manage.py runserver stop updating content? If I go into the Django Admin, change an entry, and save it, it doesn't show up in the DRF api until I restart runserver.
|
# ? Mar 16, 2018 01:42 |
huhu posted:Anyone ever experience the Django manage.py runserver stop updating content? If I go into the Django Admin, change an entry, and save it, it doesn't show up in the DRF api until I restart runserver. Never had that issue before, that sounds very very odd.
|
|
# ? Mar 16, 2018 02:26 |
|
Cache issue maybe? I try to always use the dummy cache in dev environment
|
# ? Mar 16, 2018 02:36 |
Does the same thing happen with templated data? What about through the manage.py shell? Would want to narrow it down to a DRF problem, a webserver problem, or a data layer problem...
|
|
# ? Mar 16, 2018 10:40 |
|
Like the rubber duck, I posted here and the problem resolved itself. At least for now. Another question, I have a bunch of portfolio projects, that already exist in the DB, that need images. Going manually one by one and uploading images is kind of annoying. However, everything I'm finding on Google is confusing or horribly outdated. Any suggestions?
|
# ? Mar 16, 2018 18:17 |
Can you upload them all into a directory, write a mapping text file listing which ones go where/with which records, and then write a Django management script to move them into the appropriate places in your media dir (if necessary) and update the image field (and width/height) in your model? Its roll-your-own but its how Ive been spending my week so
|
|
# ? Mar 16, 2018 18:32 |
Okay seriously, why does the awful app keep eating my quotes and apostrophes? In this thread only? Its maddening E: okay so if I look at those same posts on desktop it's fine. Smart quotes getting displayed as blanks in the awful app only I guess? Data Graham fucked around with this message at 19:25 on Mar 16, 2018 |
|
# ? Mar 16, 2018 18:35 |
|
Data Graham posted:Can you upload them all into a directory, write a mapping text file listing which ones go where/with which records, and then write a Django management script to move them into the appropriate places in your media dir (if necessary) and update the image field (and width/height) in your model? Ooh this is a brilliant idea. Thanks!
|
# ? Mar 16, 2018 20:22 |
|
Edit: When you solve something and there isn't really an aha moment. Working Code:code:
I've got a file dir: code:
code:
code:
code:
code:
huhu fucked around with this message at 23:52 on Mar 16, 2018 |
# ? Mar 16, 2018 23:45 |
The media/ dir is special; ImageField expects a value which is a filename relative to your MEDIA_ROOT, which is media/. So assuming youre keeping all the project images in a single directory (which you may or may not want to rethink later on, depending on volume and security and other factors), you should set the value of your src field to just be the bare name of the file, no path. Move the file into the media dir, use PIL.Image to get its width and height (your Image class should have width and height fields too) and set those, and then save. Phone posting from the hip but that should get it going.
|
|
# ? Mar 17, 2018 04:25 |
|
Data Graham posted:Does the same thing happen with templated data? What about through the manage.py shell? Alright so it appears to be an issue with DRF. Django Admin and Django shell both show the updated content but not DRF. Data Graham posted:The media/ dir is special; ImageField expects a value which is a filename relative to your MEDIA_ROOT, which is media/. So assuming youre keeping all the project images in a single directory (which you may or may not want to rethink later on, depending on volume and security and other factors), you should set the value of your src field to just be the bare name of the file, no path. Move the file into the media dir, use PIL.Image to get its width and height (your Image class should have width and height fields too) and set those, and then save. Data Graham posted:The media/ dir is special; ImageField expects a value which is a filename relative to your MEDIA_ROOT, which is media/. So assuming youre keeping all the project images in a single directory (which you may or may not want to rethink later on, depending on volume and security and other factors), you should set the value of your src field to just be the bare name of the file, no path. Move the file into the media dir, use PIL.Image to get its width and height (your Image class should have width and height fields too) and set those, and then save. Good to know, thanks.
|
# ? Mar 18, 2018 05:39 |
|
We're building a DRF app with a <js framework> frontend. We also want the nice browsable API and API Index (e.g. Swagger) to be accessible. In settings.py, we have both TokenAuthentication and SessionAuthentication available: Python code:
Python code:
quote:Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect." If you open up a different browser, or an incognito tab, or clear your cache/cookies, and try again, the problem goes away. I know Token auth is meant for communication from a totally separate frontend. And we are building a separate frontend, however... the JS frontend happens to be used in the same browser with the same session variables sitting around that the same user is using to access the default DRF browsable API, and the Swagger API Index. In the reddit post DRF's TokenAuthentication and SessionAuthentication can't co-exist? Tom Christie says quote:You should only be seeing that error if you're making a request from a session authenticated client. Try making the token request from the command line or native app (eg not in the context of an AJAX request by a signed-in user) Based on the StackOverflow post Django REST Framework: using TokenAuthentication with browsable API and my own testing, it appears that the browsable API cannot be used without enabling SessionAuthentication. Question 1: Is the act of simply using the default DRF browsable API and/or Swagger's API Index causing later requests from a JS frontend (running in the same browser) to inadvertently go down DRF's SessionAuthentication pipeline (instead of using TokenAuthentication, as intended)? Question 2: Should a JS frontend accessing DRF via TokenAuthentication be expected to co-exist with the default DRF browsable API and/or Swagger's API Index using SessionAuthentication in the same browser?
|
# ? Mar 19, 2018 22:00 |
|
|
# ? May 16, 2024 07:59 |
|
I'm busy right now so I didn't read your post in detail, but... If your SPA request doesn't send cookies, then SessionAuthentication will be avoided. If you're using fetch to do your requests on the frontend look into the credentials config on requests.
|
# ? Mar 19, 2018 22:04 |