I have a django app which need to receive post requests from another site using html+javascript. For example i have mydjangosite.com and smallhtmlsite.com What i want is : user visit smallhtmlsite.com and fill a form, then he pushing submit button and mydjangosite.com receive request and create objects(form saving models actually). So i will have a view which will handle this requests. But how can these been done securely?
Asked
Active
Viewed 524 times
0
-
1See here- http://stackoverflow.com/questions/274274/is-it-secure-to-submit-from-a-http-form-to-https. You will have CSRF errors and lack security. Keep in mind that CSRF stands for cross-site request forgery. An API is probably the only way. – Ian Price Sep 28 '14 at 17:45
1 Answers
2
I have a django app which need to receive post requests from another site using html+javascript.
You don't have to ! You can build an API instead ;)
You create an API call - small site calls the API of main site. In that situation, the form is handled by a view in small site and the API is called via the server. Check out Django REST Framework.
Note: That solution wouldn't stop you from using AJAX but it would avoid cross domain issues.
François Constant
- 5,531
- 1
- 33
- 39
-
Sorry, but that suggestion does not helped for me. I still need a solution in which i can have different sites (built on html+js only) posting data to my django app securely. – Dmitry Yudin Sep 28 '14 at 11:59
-
I need a solution for different sites , so i have mydjangosite.com receiving post requests from different sites, based on different lanuages(php,ruby, etc...) so i decided to have only js and html. am i right? – Dmitry Yudin Sep 30 '14 at 07:57
-
Well an API is the only clean way to do it which would always work. I think you can do what you want in HTML5 but it won't work in all browsers. – François Constant Oct 07 '14 at 06:24