5

I've got two different django projects, where one sits on domain A and has a bunch of functionalities (REST among them). Site B is simple and I want to post ajax-forms to site A, but keep csrf security. Is that possible?

Btw sites can share database if necessary.

Marin
  • Yes, but only if the two are sub-domains of the same domain (or, e.g., one is a subdomain and the other is on the main domain). Is that what you wanted? – Visionscaper Mar 22 '14 at 20:47
  • Just created this answer, maybe it is of help to anyone interested in this question. http://stackoverflow.com/a/22584318/889617 – Visionscaper Mar 22 '14 at 22:18

1 Answer

3

I've had a similar problem and I've managed to solve it in the following way:

  1. issue GET request from site B to site A to fetch a form (with csrf field)
  2. POST the form back to site A.

The main problem for me was to get cross-site ajax requests to work. To achieve that I've had to configure CORS correctly on the server-side (I've slightly edited this middleware: https://gist.github.com/strogonoff/1369619) and set xmlHttp.withCredentials = true (where xmlHttp is my XMLHttpRequest object) in the ajax POST function.

I've tested this solution on two different ports on the same IP address, but I think it should also work cross-domain.

zeroos
  • How do I do this? How do I add this to my Middleware class? – raaj Apr 10 '14 at 19:29
  • Setting up this middleware is described in comments for this file (https://gist.github.com/strogonoff/1369619#comment-586223). – zeroos Apr 11 '14 at 19:15
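
An added example, not part of the answer above and not the code from the linked gist: a sketch of the server-side CORS configuration that a request sent with `withCredentials = true` needs on site A. The origin `https://site-b.example`, the allowlist name and the middleware class name are assumptions made for illustration.

```python
# Added example: CORS headers for credentialed cross-site requests to site A.
# ALLOWED_ORIGINS and the site-b hostname are constructed placeholders.
ALLOWED_ORIGINS = {"https://site-b.example"}
ALLOWED_METHODS = "GET, POST, OPTIONS"
ALLOWED_HEADERS = "Content-Type, X-CSRFToken"  # X-CSRFToken: Django's default CSRF header


def cors_headers(origin, allowed_origins=ALLOWED_ORIGINS):
    """Return the CORS headers to attach for a request with this Origin.

    With withCredentials = true the browser rejects a wildcard
    Access-Control-Allow-Origin, so the exact origin is echoed back, and only
    when it is on the allowlist. Unknown origins get no CORS headers at all.
    """
    if origin is None or origin not in allowed_origins:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": ALLOWED_METHODS,
        "Access-Control-Allow-Headers": ALLOWED_HEADERS,
        "Vary": "Origin",  # caches must not reuse the response for another origin
    }


class CredentialedCorsMiddleware:
    """Django-style callable middleware that applies cors_headers()."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        headers = cors_headers(request.META.get("HTTP_ORIGIN"))
        is_preflight = (request.method == "OPTIONS"
                        and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in request.META)
        if is_preflight and headers:
            # Answer the preflight directly, without running the view.
            from django.http import HttpResponse  # lazy import: needs Django
            response = HttpResponse(status=204)
        else:
            response = self.get_response(request)
        for name, value in headers.items():
            if name == "Vary" and response.get("Vary"):
                value = response["Vary"] + ", " + value  # keep existing Vary
            response[name] = value
        return response
```

Current browsers also attach site A's cookies to such a request only when they are set with `SameSite=None` and `Secure`; in Django those attributes are controlled by `CSRF_COOKIE_SAMESITE`, `SESSION_COOKIE_SAMESITE` and the matching `*_COOKIE_SECURE` settings.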