A note on Django 1.5.2 rotating CSRF token and frontend javascript applications

Check out the new site at https://rkblog.dev.

13 December 2013 Comments

Django 1.5.2 introduced a change named The CSRF token now rotates when a user logs in. This isn't anything problematic for typical web applications where user submits a form and the page reloads. For applications that are based on JavaScript frameworks like ember (or angular) this becomes a problem, as the user is logged in the background with an AJAX request (for example with Facebook JS SDK) and the page in general never reloads. When he logs in the token changes and API (POST) requests (to django-rest-framework for example) will get forbidden as answers from the server.

A solution would be to return a new token with server response to the login request and insert it in the place of the old one, which was inserter when Django template was rendered:

xhr.setRequestHeader("X-CSRFToken", "{{csrf_token}}");

I wonder if there are any solutions for this already?

RkBlog

Django web framework tutorials, 13 December 2013

Check out the new site at https://rkblog.dev.

Comment article

Basics of Ember.js application development

After setting up the base of our ember application we can start doing something more with it. For my tutorials I've picked AdminLTE template to make a admin panel alike application.

› Read more

Ember application structure

Ember.js applications are divided into multiple files and folders. All of which makes sense when we get to know what is where, so lets take a look on Ember application structure.

› Read more

Setting up ember-cli development environment with ember 2.1

In a series of tutorials starting with this one I'll try to showcase ember.js framework for building fronted web applications. As a backend there will be Django Rest Frameowork and more.

As times change and JavaScript frameworks don't just download to your static folder I'll start with setting up Ember.js development environment with ember-cli.

› Read more

Check out PyCon PL 2015 agenda

The PyCon PL 2015 will be held in Hotel Ossa Congress & Spa located in Ossa on October 15th through October 18th. The conference is held in Poland but consists of two blocks of talks - English and Polish, so non-Polish speaking attendees can benefit from it too.

The agenda and other details can be found on the conference website.

› Read more

Squashing and optimizing migrations in Django

With Django 1.7 we got built in migrations and a management command to squash a set of existing migrations into one optimized migration - for faster test database building and to remove some legacy code/history. Squashing works, but it still has some rough edges and requires some manual work to get the best of a squashed migration. Here are few tips for squashing and optimizing squashed migrations.

› Read more

Simple Django applications for writing Facebook applications and authentication

Creating Facebook applications or integrating websites with Facebook isn't complex or very time consuming. In case of Django there is for example very big django-facebook package that provides a lot of Facebook related features.

Pozytywnie.pl, a company I work with released a set of small applications that were used internally to make Facebook applications as well as Facebook authentication integrations. In this article I'll showcase those applications.

› Read more