403 error caused by CSRF
Bug #607389 reported by Seth Hill
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
django_xmlrpc | New | Undecided | Unassigned | |
Bug Description
Django's CSRF protection is turned on by default now, and is quite effective at blocking cross site requests, including RPC requests like this.
Symptoms:
Valid XMLRPC requests to the xmlrpc endpoint are greeted with a 403 Forbidden response. This is generated by the CSRF middleware because a CSRF token isn't being included in the POST.
Resolution:
Turn off CSRF for the handle_xmlrpc method.
In django_
from django.
...
@csrf_exempt
def handle_
....
Instead of using csrf_exempt, one should pass the csrf_token, right?