I am working with a Django project.开发者_StackOverflow社区 The aim is to import user information from Facebook. For a start, I am using the registration social plugin that Facebook offers. I have a basic template that includes the iframe for the registration plug-in; just the way the Facebook api documentation suggests. The view that renders this template is as follows:
def registration(request):
if (request.method == "POST"):
return HttpResponse("it posted!")
else:
return render_to_response("ui/registration.html", {},
context_instance=RequestContext(request))
As soon as I press register on the plugin and Facebook sends my view the signed-request, Django complains about the missing csrf token. I also have tried explicitly including the csrf-token by passing it along in the context dictionary using csrf(request), however that still doesn't solve the problem.
CSRF protection is there to prevent cross-site posts. However, in this case you want to accept the post from Facebook so you should use the csrf_exempt decorator on your view which accepts the signed request. See the section on CSRF Exceptions: http://docs.djangoproject.com/en/1.3/ref/contrib/csrf/#exceptions
You need to do a few things for this:
- You'll need to pass your csrf token as a parameter to your facebook request as seen at the end of their documentation:
- Next, you'll have to decorate your view with
@csrf_exempt, like Mark suggested. - Finally, in your view, you can verify that the csrf token is okay. You can steal some logic by taking a look at the django csrf middleware code found here.
Alternately, instead of steps 2 and 3 you can write your own middleware to check the csrf tokens coming from facebook.
look for fandjango app, especially the middleware. https://github.com/jgorset/fandjango that did it to me
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论