Comments (4)
The redirect, which should be showing up in your debug log is probably due to the missing CSRF token.
you can specify route names that should not enforce CSRF if you would like, or, can send the CSRF token through in your request.
http://thesoftwarestudio.com/apex/options.html
apex.no_csrf =
or, since request is exposed to your template, you can output this value and pass it in the variable named csrf_token.
request.session.get_csrf_token()
from apex.
Thanks! You were correct!
My application needed to post a lot of json data, this lead me to solve the issue using the apex.no_csrf option, but this code also works if you are trying to post from a template:
In your template:
Passing the csrf_token:
var fd = new FormData()
fd.append("csrf_token", $("#csrf_token").val())
var xhr = new XMLHttpRequest()
xhr.open("POST", "/api/profile")
xhr.send(fd)
Is there a clean way to post json from the client and pass the csrf_token token along,
or must i always include routes with accept='application/json' in the apex.no_csrf list?
Thanks so much for responding, I'm loving apex!
from apex.
Your token can be passed as an argument, it is only looking for the parameter in the post.
If you're using mako but you would have to do that on each form/partial. Alternatively, you could pass it and have your controller pick it up and inject it into $scope, and use that throughout.
from apex.
closing. solved.
from apex.
Related Issues (20)
- Is this project still maintained? HOT 1
- Tried to run the apex example and ran into the following problem HOT 3
- The "locale" folder is missing in egg HOT 2
- Why not re-use pyramid.security.Authenticated HOT 3
- Quickstart form action is not correct HOT 4
- "HTTPForbidden: CSRF token is missing or invalid" after successful facebook authentication HOT 1
- NameError: global name 'auth' is not defined HOT 3
- Example is broken on import HOT 2
- Quickstart velruse not working HOT 2
- confused about extending file HOT 4
- Confusion with RegisterForm and after_signup
- multiple accounts HOT 4
- Ignores 'profile details' coming from twitter(or any other provider) after login
- Quickstart example fails on Mavericks 10.9.2, Python 2.7.5 HOT 4
- Quickstart documentation out of date HOT 2
- Naming convention problem on SQL Server
- Microsoft Live Error: ThirdPartyFailure: The HTTP request was forbidden with client authentication scheme 'Anonymous'. HOT 1
- Valruse vs Apex callbacks HOT 1
- Python 3.5.1: TypeError: Class advice impossible in Python3. Use the @implementer class decorator instead HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apex.