I'm using django for a website app, mostly. I need to write a canvas page to handle requests. In the simplest form, I have:
(r'^canvas/','commitments.views.canvas'),
in urls.py
, and:
@csrf_exempt
def canvas(request):
return HttpResponse("Hello world")
in views.py
. This all works fine if I load the page directly. If, however, I load the page through the Facebook canvas, I'm getting an error related to modsecurity ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer [hostname "..."] [uri "/canvas/"]
.
Any thoughts on what I'm doing wrong here? Thanks for the help.
(x-post from here: solution may be the same)
So I've spent way too much time trying to figure this out. I've settled on a (slightly shitty) work-around: add {% csrf_token %}
to any place in your template (I'm assuming you passed in the context_instance=RequestContext(request)
argument to your render_to_response
or whatever).
I think what is happening is that the cookie doesn't actually get set (this can be confirmed through inspecting the cookies in any browser's development tools). Adding the above code to your template forces this. I have a feeling that this may be remedied in later versions of Django, and it seems as though there are obvious fixes for 1.4+ (e.g., see here). Unfortunately dreamhost has stuck us with 1.2.3, so we need to make do.