2

First of all I must to say that all solutions, which I found here, didn't help me.

My error

detail: "CSRF Failed: CSRF token missing or incorrect."

My react form

    render: function(){
    return(
    <div className="col-lg-12 mrg">
        <h3 className="ui dividing header">Add comment</h3>
        <form method="POST" role="form" className="ui reply form" onSubmit={this.handleSubmit}>
            <div className="field">
                <textarea ref="text"></textarea>
            </div>
            <button className="ui blue labeled submit icon button" type="submit" value="SUBMIT" name="submit"><i className="icon edit"></i> Send</button>
        </form>
    </div>
    );
}

My ajax POST

$.ajax({
        url: '/news/' + this.props.id,
        dataType: 'json',
        type: 'POST',
        data: comment,
        headers: {
            HTTP_X_CSRFTOKEN: getCookie('csrftoken')
        },
        success: function(data) {
            this.setState({data: data});
            }.bind(this),
        error: function(xhr, status, err) {
            console.error('/news/' + this.props.id, status, err.toString());
        }.bind(this)
    });

My headers

POST http://my.site/news/5 HTTP/1.1
Host: my.site
Proxy-Connection: keep-alive
Content-Length: 29
Origin: http://my.site
HTTP_X_CSRFTOKEN: GpCrHfeG7im7EObtiL6g56f5QvTJJRHZ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Referer: http://my.site/news/5
Accept-Encoding: gzip, deflate

Could you please to give me an advice why I still have this error? And what is the best practice to use django forms in frontend frameworks?

julen
  • 4,959
  • 1
  • 23
  • 31
NONAMA
  • 503
  • 1
  • 9
  • 21

1 Answers1

2

You are adding the wrong header. In your $.ajax() call you should do instead:

  headers: {
    'X-CSRFToken': getCookie('csrftoken')
  },

For more details, check out the "How can I add a custom HTTP header to ajax request with js or jQuery?" question.

Community
  • 1
  • 1
julen
  • 4,959
  • 1
  • 23
  • 31
  • Thanks, Julen! Actually it is. But I found another solution, like in Django Docs, with beforeSend function, but your solution definitely works too! – NONAMA Aug 19 '15 at 14:08
  • The answer I linked includes that and more, go check it out ;) – julen Aug 19 '15 at 15:17