# as well as
# static/js/manifold-async.js
-from django.core import serializers
+import json
+# this is for django objects only
+#from django.core import serializers
from django.http import HttpResponse
# xxx should probably cater for
return
# xxx actually ask the backend here
- hard_wired_answer = {'a':'some string','b':123}
- return HttpResponse (serializers.serialize("json",hard_wired_answer),
- mimetype="application/json")
+ hard_wired_answer = [ {'slice_hrn':'a.b.c'}, {'slice_hrn':'ple.inria.foo' } ]
+ answer=hard_wired_answer
+ return HttpResponse (json.dumps(answer), mimetype="application/json")
+
+####################
+# to enable : see CSRF_FAILURE_VIEW in settings.py
+# probably we want to elaborate this one a little in real life
+# at least we can display the reason in the django output (although this turns out disappointing)
+failure_answer=[ "csrf_failure" ]
+def csrf_failure(request, reason=""):
+ print "CSRF failure with reason '%s'"%reason
+ return HttpResponseForbidden (json.dump (failure_answer), mimetype="application/json")
}
}
}
+
+//http://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request
+//make sure to expose csrf in our outcoming ajax/post requests
+$.ajaxSetup({
+ beforeSend: function(xhr, settings) {
+ function getCookie(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie != '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = jQuery.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+ break;
+ }
+ }
+ }
+ return cookieValue;
+ }
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+ // Only send the token to relative URLs i.e. locally.
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+ }
+ }
+});
AUTHENTICATION_BACKENDS = ( 'auth.backend.MyCustomBackend', 'auth.manifoldbackend.ManifoldBackend', )
+### the view to redirect malformed (i.e. with a wrong CSRF) incoming requests
+# without this setting django will return a 403 forbidden error, which is fine
+# if you need to see the error message then use this setting
+CSRF_FAILURE_VIEW = 'engine.manifoldproxy.csrf_failure'
+
#################### for insert_above
#IA_JS_FORMAT = "<script type='text/javascript' src='{URL}' />"
# put stuff under static/
# IA_MEDIA_PREFIX = '/code/'
+