AJAX POST does not include CSRF Token in XHR Headers (Django 1.4)
Upgrading to the latest FeinCMS solved the issue for me; however, it turns out this is currently broken in this repository.
Running: Django 1.4 on Mac OSX 10.7 with django-mptt==0.5.5, latest django-treeadmin, latest grappelli
Reproducing: Set up TreeAdmin as the base of the Model's admin class and load up the list page for your model. Moving an object causes a 403 on the POST method. Looks like the XHR expects a relative path, whereas I am handing it an absolute path that is still pointing to my local machine. Check toolbox.js in the ajaxSetup function; I think that's where it bugs out.
Yes, I think so too, but so far I haven't been able to figure out a fix either.
In fact [email protected]:clincher/django-treeadmin.git fixes it - https://github.com/piquadrat/django-treeadmin/pull/8.
Note: this is also fixed in my branch: ls-django-treeadmin.
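The same-origin decision discussed in this thread, as an added example that is not code from django-treeadmin, FeinCMS or the linked pull request: a `beforeSend`-style hook that attaches Django's `X-CSRFToken` header when the target resolves to the page's own origin, including absolute URLs, and withholds it from foreign hosts. The function names, the page URL and the cookie string are constructed for illustration, and `isRelativeOnly` is an assumed stand-in for the kind of relative-path-only check the report suspects, not a copy of toolbox.js.

```javascript
// Django does not require a CSRF token for these methods.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Illustrative weak check (assumption): only relative URLs count as local.
function isRelativeOnly(url) {
  return !/^(\/\/|https?:)/i.test(url);
}

// Resolve the target against the page URL, then compare scheme, host and port.
function sameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable target: treat as foreign and send no token
  }
}

// Read one cookie value out of a document.cookie-style string.
function getCookie(name, cookieString) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Equivalent of a jQuery beforeSend hook; xhr only needs setRequestHeader().
function attachCsrf(xhr, settings, pageUrl, cookieString) {
  if (csrfSafeMethod(settings.type)) return false;
  if (!sameOrigin(settings.url, pageUrl)) return false; // never send the token off-origin
  const token = getCookie('csrftoken', cookieString);
  if (token === null) return false;
  xhr.setRequestHeader('X-CSRFToken', token);
  return true;
}

// Constructed sample values, not taken from the issue.
const PAGE = 'http://127.0.0.1:8000/admin/app/node/';
const COOKIES = 'sessionid=abc; csrftoken=constructed-token-123';
function fakeXhr() {
  const headers = {};
  return { headers, setRequestHeader: (k, v) => { headers[k] = v; } };
}
```

In a browser the same hook would be registered through `$.ajaxSetup({ beforeSend: ... })` with `window.location.href` and `document.cookie` as the last two arguments.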