get ajax requests to make it to the frontend
authorThierry Parmentelat <thierry.parmentelat@inria.fr>
Fri, 8 Mar 2013 13:09:09 +0000 (14:09 +0100)
committerThierry Parmentelat <thierry.parmentelat@inria.fr>
Fri, 8 Mar 2013 13:09:09 +0000 (14:09 +0100)
by setting the CSRF token in ajax requests

engine/manifoldproxy.py
engine/static/js/manifold-async.js
myslice/settings.py

index 0eac779..1d629c7 100644 (file)
@@ -4,7 +4,9 @@
 # as well as 
 # static/js/manifold-async.js
 
-from django.core import serializers
+import json
+# this is for django objects only
+#from django.core import serializers
 from django.http import HttpResponse
 
 # xxx should probably cater for
@@ -21,6 +23,15 @@ def api (request,format):
         return
 
     # xxx actually ask the backend here
-    hard_wired_answer = {'a':'some string','b':123}
-    return HttpResponse (serializers.serialize("json",hard_wired_answer),
-                         mimetype="application/json")
+    hard_wired_answer = [ {'slice_hrn':'a.b.c'}, {'slice_hrn':'ple.inria.foo' } ]
+    answer=hard_wired_answer
+    return HttpResponse (json.dumps(answer), mimetype="application/json")
+
+#################### 
+# to enable : see CSRF_FAILURE_VIEW in settings.py
+# probably we want to elaborate this one a little in real life
+# at least we can display the reason in the django output (although this turns out disappointing)
+failure_answer=[ "csrf_failure" ]
+def csrf_failure(request, reason=""):
+    print "CSRF failure with reason '%s'"%reason
+    return HttpResponseForbidden (json.dump (failure_answer), mimetype="application/json")
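Review bot: `csrf_failure` at the end of this hunk cannot run as written: `json.dump(failure_answer)` expects a file-like object as its second argument and raises TypeError, and `HttpResponseForbidden` is never imported (the hunk at the top of the file brings in only `HttpResponse`). Neither is noticed until a request actually fails the CSRF check, at which point the failure view itself errors out with a 500 instead of the intended 403 JSON body. Change line 42 to `return HttpResponseForbidden (json.dumps (failure_answer), mimetype="application/json")` and widen the import in the first hunk to `from django.http import HttpResponse, HttpResponseForbidden`. The `print` of the reason only reaches stdout; if it is meant to stay, routing it through the `logging` module would keep it in the server log. The `api` function whose tail is shown in this hunk begins outside it.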
index ae35630..ada865a 100644 (file)
@@ -200,3 +200,29 @@ function __old__manifold_async_render_success(data, query) {
         }
     }
 }
+
+//http://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request
+//make sure to expose csrf in our outcoming ajax/post requests
+$.ajaxSetup({ 
+     beforeSend: function(xhr, settings) {
+         function getCookie(name) {
+             var cookieValue = null;
+             if (document.cookie && document.cookie != '') {
+                 var cookies = document.cookie.split(';');
+                 for (var i = 0; i < cookies.length; i++) {
+                     var cookie = jQuery.trim(cookies[i]);
+                     // Does this cookie string begin with the name we want?
+                 if (cookie.substring(0, name.length + 1) == (name + '=')) {
+                     cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                     break;
+                 }
+             }
+         }
+         return cookieValue;
+         }
+         if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+             // Only send the token to relative URLs i.e. locally.
+             xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+         }
+     } 
+});
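Review bot: The origin check at line 68 treats a protocol-relative URL such as `//other-host/path` as local, because it only rejects strings that start with `http:` or `https:`, so the csrftoken header would be attached to a cross-origin request made through such a URL. The comment just below says only relative URLs get the token; tightening the test to `if (!settings.crossDomain && !/^(https?:)?\/\//i.test(settings.url))` covers the protocol-relative and mixed-case forms, and on jQuery 1.5 or later `settings.crossDomain` is already computed by the time `beforeSend` runs, which I would still confirm against the bundled jQuery version. The inner `if` at lines 60-65 is also indented one level shallower than the `for` that encloses it, which makes the cookie loop harder to read than it needs to be.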
index 7fc65b8..8d61570 100644 (file)
@@ -186,7 +186,13 @@ LOGGING = {
 
 AUTHENTICATION_BACKENDS = ( 'auth.backend.MyCustomBackend', 'auth.manifoldbackend.ManifoldBackend', )
 
+### the view to redirect malformed (i.e. with a wrong CSRF) incoming requests
+# without this setting django will return a 403 forbidden error, which is fine
+# if you need to see the error message then use this setting
+CSRF_FAILURE_VIEW = 'engine.manifoldproxy.csrf_failure'
+
 #################### for insert_above
 #IA_JS_FORMAT = "<script type='text/javascript' src='{URL}' />"
 # put stuff under static/
 # IA_MEDIA_PREFIX = '/code/'
+
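Review bot: The comment on line 79 says the view "redirects" failing requests, but `CSRF_FAILURE_VIEW` names the view Django calls in place of the normal one for that request, with no redirect involved, and the response status is whatever that view returns. Since the intent stated on lines 80-81 is only to see the reason, the comment could read `### view Django calls instead of the requested one when the CSRF check fails (still a 403, but with a JSON body and the reason logged)`, so a reader does not expect a 302 or assume the failure is no longer rejected.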