[Answer]-Django, set csrf token on form in static pages

1👍

✅

I think sligodave was linking to the correct docs, but instead of the exact process that is described in Django you just need to do an extra step of getting the CSRF. If you use ensure_csrf_token to create a view for yourself that you can just fetch the cookie from, you can use JS to fetch and parse that cookie, then turn around and use it on your POST. Since the request(s) are on the same domain, there should not be any issues with passing it. I will defer to this answer over at security stack to say there is no innate security flaw in this practice.
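The flow this answer describes, sketched as an added example that is not part of the original answer. It assumes a hypothetical Django view at `/csrf/` wrapped in Django's `ensure_csrf_cookie` decorator, a hypothetical form endpoint `/contact/`, and Django's default cookie and header names (`csrftoken`, `X-CSRFToken`); the `env` parameter is an assumption added so the code also runs outside a browser.

```javascript
// Added example: /csrf/ and the env parameter are hypothetical names.

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf("=");
    if (eq === -1) continue;
    // Exact name match, so "xcsrftoken" is never mistaken for "csrftoken".
    if (trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Attach the token only to same-origin, state-changing requests, so it is
// never sent to another site.
function csrfHeadersFor(method, url, pageOrigin, cookieString) {
  const safe = /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  if (safe || !sameOrigin) return {};
  const token = getCookie(cookieString, "csrftoken");
  if (!token) throw new Error("csrftoken cookie missing; fetch the CSRF view first");
  return { "X-CSRFToken": token };
}

// Static-page flow: prime the cookie if absent, then POST with the header.
// In a browser, body would typically be new FormData(formElement).
async function submitStaticForm(action, body, env) {
  // Defaults are the real browser globals; tests pass replacements.
  const { fetchFn = fetch, readCookies = () => document.cookie,
          origin = location.origin } = env || {};
  if (!getCookie(readCookies(), "csrftoken")) {
    // The view behind /csrf/ only needs to set the cookie on its response.
    await fetchFn("/csrf/", { credentials: "same-origin" });
  }
  const headers = csrfHeadersFor("POST", action, origin, readCookies());
  return fetchFn(action, { method: "POST", credentials: "same-origin", headers, body });
}
```

This only works while the cookie is readable from script, which is Django's default (`CSRF_COOKIE_HTTPONLY = False`) and does not hold when `CSRF_USE_SESSIONS` is enabled.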

0👍

I think what you want can be achieved using a little bit of JavaScript.

https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/#ajax

You get the CSRF token from the cookie and set it as a header on your response or, alternatively, you set the CSRF field on your form.

EDIT: Never mind, I missed the “static” part of your question. It never goes through Django, so there’s no CSRF cookie. I’ll get my coat!
