403 (forbidden) when trying JQuery POST to django view

Question

I have the following attempt at a JQuery POST;

$(document).ready(function(){
            $("#id_go").click(function(){
                GOclick();
            });
        });

        function GOclick(){

            selected_table = $("#id_TableName option:selected").text();
            selected_column = $("#id_ColumnName option:selected").text();
            selected_SDT = $("#id_StartDateTime option:selected").text();
            selected_EDT = $("#id_EndDateTime option:selected").text();

            $.post('/historicaldata/input_parameters/', { selected_table: selected_table, selected_column: selected_column, selected_SDT: selected_SDT, selected_EDT: selected_EDT }, function(data){

            });
        }

And Django View.py

if request.method == 'POST':
    pdb.set_trace()

    selectedTable = request.GET.get('selected_table')
    selectedColumn = request.GET.get('selected_column')
    startDT = request.GET.get('selected_SDT')
    endDT = request.GET.get('selected_EDT')

I have a successful GET equivalent coming from the same script and going to the same view so I'm unsure why this is the case. I have a crsf_token in my form.

If you are getting a 403 most likely you are not passing your csrf token. You can try finding the @csrf_exempt plugin to help you. Its a bit risky, but possible. Other methods to do this would be to create away to request a csrf token and then send it back. Good luck. Hope this helps — Jody Fitzpatrick, Jan 13 '19 at 17:00

score 1 · Answer 1 · answered Jul 28 '14 at 17:21

1

At a first glance you're trying to get the parameters from the wrong QueryDict, it should be:

request.POST.get(...)

answered Jul 28 '14 at 17:21

fixmycode

8,220
2
28
43

score 1 · Answer 2 · answered Jul 28 '14 at 19:05

1

When working with forms that are posted on a django server you need to make sure that you have your csrf_token within the 'form' or within the 'form data' that you are submitting.

To display the form csrf token

{{csrf_token}}

This will create something like

<input type="hidden" name="csrfmiddlewaretoken" value="$csrf_token"/>

Pass this with your AJAX call along side the other data you have, use jquery to get the value based on the name of the form and the name of the "name" of the input.

Hope this helps.

answered Jul 28 '14 at 19:05

Jody Fitzpatrick

357
1
11

The above answer is also correct, my answer is an extension of it since I did not see reference to it in your post data. – Jody Fitzpatrick Jul 29 '14 at 02:23
Thanks for that, can you show me how you would pass it? as a variable with the rest of the values? – Mark Corrigan Jul 29 '14 at 08:20
I kind of went over this subject because Mark said he had the csrf token in the form. – fixmycode Jul 29 '14 at 23:27
1

It may be there in the form itself but it's not in the ajax data you are submitting on behalf of your form try getting it with jquery like so $( "input[name*='csrfmiddlewaretoken']").val(); – Jody Fitzpatrick Jul 30 '14 at 06:53

403 (forbidden) when trying JQuery POST to django view

2 Answers2