3

I'm working with an iPhone developer who does not have any Django experience, and I am relatively new to Django. I've built an existing Django app with a web interface that allows a user to log in and add books from our database to his personal library.

We are trying to build an iPhone application that allows a user to authenticate and then access the library, and I was wondering what is the best way to do the authentication and then request the user's library. We started out using HTTP POST requests to send credentials to the Django app, but another Django developer I know told me this would be a cross-domain request which would not work starting with Django 1.2.

If I can't do cross-domain HTTP POST requests, how should I POST data from the iPhone app to the Django application?

gohnjanotis
  • Are you asking about this? http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ – S.Lott Aug 05 '10 at 17:38
  • Yes. I found this article, but I guess what I really want to know is whether it is 'wrong' to use regular POST requests from the iPhone app to send data back to the Django app. – gohnjanotis Aug 05 '10 at 18:08

3 Answers

5

Just use the csrf_exempt decorator: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#exceptions

And yes, use the POST request type, it's the only logical choice when you're sending data to the server. As per RESTful API guidelines: http://en.wikipedia.org/wiki/Representational_State_Transfer#RESTful_web_services

Swizec Teller
  • Are there any actual hacking risks if this is done only for a login view? This is the obvious quick fix... but CSRF is there for a reason. Just disabling it..? Meh. – M. Ryan Jan 25 '11 at 02:54
  • Yes CSRF is there to prevent cross-site request forgery, but no matter what you do somebody using your API will _never_ be on the same domain. – Swizec Teller Jan 26 '11 at 21:27
1

You can solve the CSRF issue in Django 1.4 just by using a decorator in front of the function.

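Solution:
  from django.http import HttpResponse
  from django.views.decorators.csrf import csrf_exempt

  @csrf_exempt  # skip CSRF validation for this view only
  def PostData(request):
    return HttpResponse()  # handle the POSTed data here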
Haibane
-1

An HTTP request from the iPhone application is not cross-domain.

Aaron Saunders