1

Getting a CSRF 403. The console.log statements below confirm that I'm grabbing the token. I'm submitting the request to the same domain on my local server.

  internal.csrfToken = $.cookie('csrftoken');

  internal.csrfSafeMethod = function(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    };

  $.ajaxSetup({
    crossDomain: false, // obviates need for sameOrigin test
    beforeSend: function(xhr, settings) {
      console.log("ajaxSetup");
      console.log(internal.csrfToken);
      if (!internal.csrfSafeMethod(settings.type)) {
        console.log("Settings type");
        xhr.setRequestHeader("X-CSRFToken", internal.csrftoken);
      }
    }
  });

  external.submitPayment = function (app_id, charge_now_amount, stripe_plan_id) {
    // Submit a payment to the server and handle any errors.

    $.ajax({
      url: URLS.postPayment,
      type: 'POST',
      data: {
        'app_id': STRIPE_CONFIG.app.id,
        'amount': charge_now_amount,
        'stripe_plan_id': stripe_plan_id
      },
      dataType: 'json',
      success: function(response) {
        alert("Success!");
      },
      error: function(jqXHR, textStatus, errorThrown ) {
        alert("Error!");
      }
    });

  };
Brian Dant
  • 4,029
  • 6
  • 33
  • 47

1 Answers1

0

not sure if this will help you. I had a similar problem. And fixed it by making a beforeSend functions that's add the X-CSRFToken

$.ajax({
  url: url,
  data: JSON.stringify({'name': value }),
  type: 'POST',
  dataType: 'json',
  beforeSend: function (jqXHR, settings) {
    jqXHR.setRequestHeader('X-CSRFToken', $('input[name=csrfmiddlewaretoken]').val());
  },
  success: function(response) {
    alert("Success!");
  }
})
Eagllus
  • 437
  • 3
  • 8