Send Django CSRF Cookie with YUI Uploader Request

tags:

django
yui

views:

answers:

Send Django CSRF Cookie with YUI Uploader Request

I am trying to use the YUI uploader to upload files to Django view.

However, I am getting a 403 error in CsrfViewMiddleware. I have determined that the problem is due to the flash uploader (that the YUI uploader uses) not sending the CSRF cookie in the file upload request.

The YUI uploader's uploadAll() function allows additional data to be sent with the upload request in object form. Since the CSRF cookie can be easily retrieved, I am trying to add the cookie to the request via the uploadAll() function, but I am not entirely sure as to what format to send it in so that CsrfViewMiddleware finds the cookie where it expects it. This does not work:

var cookie = YAHOO.util.Cookie.get('csrftoken'); uploader.uploadAll(url, 'POST', { csrfmiddlewaretoken: cookie });

Any insight would be greatly appreciated!

Hi --

Unfortunately, because of Flash player limitations, the YUI Uploader can't insert the cookie into the header of the request, which is where the backend expects it to be. The only thing you can do, which is what that additional argument up there does, is to add POST variables to the request. However, that means that you need additional server logic to extract them as POST variables and them compare them to the cookie record -- it won't work by default.

If you are unable to modify the server-side code, you won't be able to authenticate the requests sent from the Uploader :(.

2010-06-24 19:56:12

You're right. I ended up fixing it by introducing a layer of middleware to manually update the request object with the proper cookies before it gets to the the CSRF middleware.

2010-06-24 22:35:37

ansaurus

tags:

views:

answers:

Send Django CSRF Cookie with YUI Uploader Request

related questions