0

everyone! I'm writing a simple django application. There is script on one of the pages, which works on the button click and uses ajax post. The problem is: post method doesn't cause execution of server code and just executes function on error every time.

script:

<script type="text/javascript">
    (function($) {
        $(document).ready(function(){
            {% for obj in cl.result_list %}
                $('#done_{{ obj.pk }}').click(function() {
                    if ($(this).html().indexOf("icon-yes") != -1) {
                        $action = "no";
                    }
                    else {
                        $action = "yes";
                    }
                    $.ajax({
                                type: "POST",
                                url: "/on_hold_done/done/" + $action + "/{{ obj.pk }}/",
                                success: function(response) {
                                    alert("success")
                                },
                                error: function(response) {
                                    alert("error")
                                }
                            })
                });
            {% endfor %}
        });})(django.jQuery);
</script>

in urls.py:

(r"^on_hold_done/(on_hold|done)/(yes|no)/(\d*)/$", "todo.views.on_hold_done")

in views.py:

@staff_member_required
def on_hold_done(request, mode, action, pk):
    """simple code here"""
    return HttpResponse('')
blazkovicz
  • 732
  • 8
  • 18
  • 3
    Use Firebug to see which response you get from the server. – ThiefMaster Mar 29 '11 at 12:58
  • The $action variable looks like it could cause a problem since the $ has special function in jQuery. – Björn Mar 29 '11 at 13:26
  • @Bjorn: Naming a variable `$action` is not a problem. JavaScript variables can contain the `$` character. The `$` variable is just a reference to `jQuery`. – gen_Eric Mar 29 '11 at 13:33
  • @blazkovicz: Looks like the issue is resolved, with the answer below (or its discussion) providing part or all of the solution - could you accept OR provide a new answer that you think better answers the question? – Tao Oct 25 '11 at 12:57

1 Answers1

0

If you're using Django 1.3, note that all AJAX requests are now subject to cross-site request forgery protection, so you'll need to add in some extra JS to automatically include the CSRF token in your ajax submission. See the docs here

Steve Jalim
  • 11,989
  • 1
  • 37
  • 54
  • Thanks, I've just got to the same point in problem solving. The cause of problem is indeed in absence of using CSRF. And there also was problem in url resolving. – blazkovicz Mar 29 '11 at 17:40
  • Could anyone explain me what should I right in order to pass CSRF? I couldn't find any code examples. Solution from djangoproject doesn't work for me, because in response there is a piece of html, not a document or httpresponce. – blazkovicz Mar 29 '11 at 17:59
  • Add the JS mentioned here http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax - that will automaticaly insert the CSRF token as an additional header in your AJAX request – Steve Jalim Mar 30 '11 at 10:55
  • I've tried this code, it didn't help, but solution from http://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request did. – blazkovicz Mar 31 '11 at 06:59