vendredi 10 juin 2016

403 FORBIDDEN when delete file in django project


Integrated the django-jquery-file-upload into my Django project. Upload and view list work now. but cannot delete the file.

Details:

The file is in /opt/data/myproject/uploads/picture

Permissions:

drwxrwxrwx 2 daemon daemon 39 Jun 10 15:50 pictures

class FileListView(ListView):
    model = Picture

    def render_to_response(self, context, **response_kwargs):
        files = [ serialize(p) for p in self.get_queryset() ]
        data = {'files': files}
        response = JSONResponse(data, mimetype=response_mimetype(self.request))
        response['Content-Disposition'] = 'inline; filename=files.json'
        return response

Part of picture_form.html:

<form id="fileupload" method="post" action="." enctype="multipart/form-data">{% csrf_token %}

setting.py

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'lib.middleware.SessionTimeout',
    'django.middleware.csrf.CsrfViewMiddleware',
    #'django.middleware.csrf.CsrfResponseMiddleware',
    #'django.middleware.security.SecurityMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
)

Request

Host: xxx
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-CSRFToken: xxxxx
X-Requested-With: XMLHttpRequest
Referer: https://myip/myprojectl/upload/new/
Cookie: csrftokenportal=a
zk; 
csrftokenmy=DKoPqrRjSd;
     sessionidcentral=k88cccccc3; 
csrftoken=xxxxxxxxxxxxx
Connection: keep-alive

DELETE https://myip/myproject/upload/delete/22

Error

403 Forbidden

Any idea? Thanks

MOre details

CSRF verification failed. Request aborted.
Help

Reason given for failure:

    CSRF token missing or incorrect.


In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

    Your browser is accepting cookies.
    The view function uses RequestContext for the template, instead of Context.
    In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
    If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

Reading the doc, it seems that I already done the three requirements.


Publié par à

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)