SWFUpload + Django 1.2 CSRF problem_问答_开发者

开发者 https://www.devze.com 2023-02-12 17:24 出处：网络

Whenever I try to upload a file using SWFUpload on Django 1.2, I get an HTTP 403 error. I\'m sure this is a CSRF error because when I use the @csrf_exempt decorator in works fine.

Whenever I try to upload a file using SWFUpload on Django 1.2, I get an HTTP 403 error. I'm sure this is a CSRF error because when I use the @csrf_exempt decorator in works fine.

window.onload = function {
    var settings = {
        ...
        post_params: {
            "csrfmiddlewaretoken": "{{csrf_token}}"
        },
        ...
    };

var swfu = new SWFUpload(settings);
};

I also tried to use the SWFUpload.addPostParam() without success

var swfu = new SWFUpload(settings);
swfu.addPostParam('csrfmiddlewaretoken', '{{csrf_token}}');

I'm sure I'm passing the token to the开发者_如何转开发 template because I can see it in the source. The directory I'm uploading to is writable. I chmod 777 it.

Any ideas?

Apart from "csrfmiddlewaretoken" in post params, django also expects CSRF cookie to be set correctly, otherwise user will get a 404 error.

In your middleware to copy the session token into cookie, copy csrftoken as well and it will work. I followed instructions from http://blog.fogtunes.com/2009/11/howto-integrate-swfupload-with-django/ and updated the middleware part like the following and it works:

class SWFUploadMiddleware(object):

def process_request(self, request):
    if (request.method == 'POST') and (request.path == reverse('uploads.views.manual')) :  
        if request.POST.has_key(settings.SESSION_COOKIE_NAME):
            request.COOKIES[settings.SESSION_COOKIE_NAME] = request.POST[settings.SESSION_COOKIE_NAME]  
        if request.POST.has_key('csrftoken'):           
            request.COOKIES['csrftoken'] = request.POST['csrftoken']