0

I'm trying to validate the registration form for email and username availability on the server side, programmed with Django. I checked this one, "jQuery Validation Plugin remote check for password with Django", but I'm getting 403 Forbidden - CSRF verification failed. I tried including the CSRF token inside the jQuery script, but it's still not working. I've shown the code below for checking email availability.

views.py:

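# Assumes the stock django.contrib.auth User model.
from django.contrib.auth.models import User
from django.http import HttpResponse

def email_check(request):
    # jQuery Validation's remote rule treats "true" as valid, "false" as invalid.
    response_str = "false"
    if request.is_ajax():
        e = request.POST.get("email_address")
        try:
            User.objects.get(email=e)
        except User.DoesNotExist:
            # No account uses this address, so it is available.
            response_str = "true"
    return HttpResponse(response_str)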

urls.py:

url(r'^signup/email/check/$', 'registration.views.email_check')

signup.html: https://gist.github.com/2253002

Could anyone help me on this?

Thanks!

rnk
  • If you are using Django, you don't need jQuery to do all this... User registration should be done through Forms. See this: http://www.b-list.org/weblog/2006/sep/02/django-tips-user-registration/ – Ramandeep Singh Mar 30 '12 at 17:27
  • @RamandeepSingh Ajax feature is the must one. So that I'm using jQuery validation plugin. – rnk Mar 30 '12 at 17:36
  • "but it's not working". What's not working? – alan Mar 30 '12 at 17:37
  • I'm not getting the indication that the email is already taken for the used email address. – rnk Mar 30 '12 at 17:40
  • Try to work out what part is not working. Is the query plugin making an ajax request to the correct url? Is the view returning the correct response? – Alasdair Mar 30 '12 at 18:24
  • url is correct..but I have doubt in sending the response..don't know how to do it. – rnk Mar 30 '12 at 18:34
  • From the sound of it, the response doesn't even get sent to the client. If that's the case, you should get some error from the server. What's the error? – tamakisquare Mar 30 '12 at 20:55
  • Use Firebug in Firefox or Web Inspector in Chrome, look into Network tab and find your ajax request. You'll be able to see the response there. – ilvar Mar 31 '12 at 02:41
  • @ahmoo I'm getting 403 Forbidden - CSRF verification failed – rnk Mar 31 '12 at 11:45
  • check http://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request – okm Mar 31 '12 at 15:00

2 Answers

2

You should send the csrf token in a cookie named "X-CSRFToken", there is a way to globally enable this behavior with jQuery like this:

https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/#ajax

vkryachko
0
$('html').ajaxSend(function(event, xhr, settings) {
    function getCookie(name) {
        var cookieValue = null;
        if (document.cookie && document.cookie != '') {
            var cookies = document.cookie.split(';');
            for (var i = 0; i < cookies.length; i++) {
                var cookie = jQuery.trim(cookies[i]);
                // Does this cookie string begin with the name we want?
                if (cookie.substring(0, name.length + 1) == (name + '=')) {
                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                    break;
                }
            }
        }
        return cookieValue;
    }
    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
        // Only send the token to relative URLs i.e. locally.
        xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
    }
});

Reference the above jquery code in your template to ensure your AJAX POST calls always include the csrf token. For the details, check this article from the official doc.

tamakisquare
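An added example, not part of either answer: the `ajaxSend` snippet above decides whether a URL is local by testing only for a leading `http:` or `https:`, so a scheme-relative URL such as `//other.example/collect` also passes and would get the `X-CSRFToken` header. The sketch below resolves the URL against the page URL and compares origins, and skips methods Django does not CSRF-check; the function names and the `example.test` / `other.example` hosts are constructed for illustration.

```javascript
// Added example; helper names are hypothetical, not jQuery or Django APIs.
// Methods Django does not subject to CSRF checks, so no token is needed.
function csrfSafeMethod(method) {
    return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Resolve the request URL against the page URL and compare origins.
// Covers relative, scheme-relative ("//host/path") and absolute URLs.
function sameOrigin(url, pageUrl) {
    try {
        return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
    } catch (e) {
        return false; // unparsable URL: do not attach the token
    }
}

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
    var parts = (cookieString || '').split(';');
    for (var i = 0; i < parts.length; i++) {
        var c = parts[i].trim();
        if (c.substring(0, name.length + 1) === name + '=') {
            return decodeURIComponent(c.substring(name.length + 1));
        }
    }
    return null;
}

// The locality test from the snippet above, kept only for comparison.
function originalCheck(url) {
    return !(/^http:.*/.test(url) || /^https:.*/.test(url));
}

// Headers to add for a request; {} when no token should be sent.
function csrfHeadersFor(method, url, pageUrl, cookieString) {
    var token = getCookie(cookieString, 'csrftoken');
    if (token === null || csrfSafeMethod(method) || !sameOrigin(url, pageUrl)) {
        return {};
    }
    return { 'X-CSRFToken': token };
}

// Browser wiring (assumes jQuery is loaded; skipped when run under Node).
if (typeof jQuery !== 'undefined' && typeof document !== 'undefined') {
    jQuery(document).ajaxSend(function (event, xhr, settings) {
        var h = csrfHeadersFor(settings.type, settings.url, document.location.href, document.cookie);
        if (h['X-CSRFToken']) { xhr.setRequestHeader('X-CSRFToken', h['X-CSRFToken']); }
    });
}
```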