jquery.fileDownload

CSRF protection returns 403 because of removing other cookies

Open molavy opened this issue 9 years ago • 3 comments

There is Django CSRF protection when calling fileDownload with POST data, which returns "CSRF failed": https://docs.djangoproject.com/en/1.9/ref/csrf/

molavy Mar 01 '16 07:03

I don't use Django, but certainly let me know if you find a solution and/or make a PR.

johnculviner Mar 01 '16 15:03

For Django CSRF token protection, fileDownload currently needs a csrftoken parameter added; you just need to add the correct CSRF value to do it.

Example:

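$.fileDownload(url, {
    httpMethod: "POST",
    // fileDownload only submits the fields under `data` as POST form fields
    data: {
        // Rendered by the Django template engine; the view compares it with the CSRF cookie
        csrfmiddlewaretoken: "{{ csrf_token }}",
        parameter: your_parameter
    }
});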

Falldog Jun 24 '16 09:06
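
When the script is served as a static file, the `{{ csrf_token }}` template tag is not rendered, so the token has to come from the cookie instead. The following is an added example, not code from this thread or from jquery.fileDownload; it assumes Django's default `csrftoken` cookie is readable from script, and the helper names are hypothetical.

```javascript
// Added example, not part of jquery.fileDownload. Assumes Django defaults:
// cookie "csrftoken" and form field "csrfmiddlewaretoken".
var CSRF_COOKIE = "csrftoken";
var CSRF_FIELD = "csrfmiddlewaretoken";

// Return the value of one cookie from a document.cookie-style string, or null.
function getCookie(name, cookieString) {
    var parts = (cookieString || "").split(";");
    for (var i = 0; i < parts.length; i++) {
        var pair = parts[i].trim();
        var eq = pair.indexOf("=");
        // Exact name match, so "xcsrftoken" is never mistaken for "csrftoken".
        if (eq > 0 && pair.slice(0, eq) === name) {
            return decodeURIComponent(pair.slice(eq + 1));
        }
    }
    return null;
}

// Return a copy of the POST data (object or serialized string) with the token added.
function addCsrfToken(data, cookieString) {
    var token = getCookie(CSRF_COOKIE, cookieString);
    if (!token) {
        // Cookie not set yet, HttpOnly, or token kept in the session:
        // fail here with a clear message instead of a 403 from the server.
        throw new Error("CSRF cookie '" + CSRF_COOKIE + "' is not readable from script");
    }
    if (typeof data === "string") {
        var sep = data.length ? "&" : "";
        return data + sep + CSRF_FIELD + "=" + encodeURIComponent(token);
    }
    var out = {};
    Object.keys(data || {}).forEach(function (k) { out[k] = data[k]; });
    out[CSRF_FIELD] = token;
    return out;
}

// Browser-only wrapper: needs jQuery, jquery.fileDownload and document.
function downloadWithCsrf(url, data) {
    return $.fileDownload(url, {
        httpMethod: "POST",
        data: addCsrfToken(data, document.cookie)
    });
}
```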

There's a problem with iPad and Django (1.11.6) on POST requests.

It seems Safari is not setting/sending the document.referrer, so the CsrfViewMiddleware will reject the request with error 403 because it suspects a man-in-the-middle attack.

fileDownload, when dealing with isIos devices, opens a new window.

pyMan May 07 '18 13:05