How would I authenticate and make requests from an iPhone app to a Django backend to get around CSRF?

Question

Hi, I'm working with an iPhone developer who does not have any Django experience, and I am relatively new to Django. I've built an existing Django app with a web interface that allows a user to log in and add books from our database to his personal library.

We are trying to build an iPhone application that allows a user to authenticate and the access the library, and I was wondering what is the best way to do the authentication and then request the user's library. We started out using an HTTP POST requests to send credentials to the Django app, but another Django developer I know told me this would be a cross-domain request which would not work starting with Django 1.2.

If I can't do cross-domain HTTP POST requests, how should I POST data from the iPhone app to the Django application?

Answer 1

http request from the iphone application is not cross-domain

Answer 2

Just use the csrf_exempt decorator.http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#exceptions

And yes, use the POST request type, it's the only logical choice when you're sending data to the server. As per RESTful API guidelines: http://en.wikipedia.org/wiki/Representational_State_Transfer#RESTful_web_services