biodiv / anycluster

Server-side clustering of map markers for (Geo)Django
MIT License

csrf #20

Closed lmorroni closed 10 years ago

lmorroni commented 10 years ago

I am using the latest version. Once I cleared my browser cache, the map stopped rendering points. I've traced it to a CSRF issue. If I remove the following middleware line from settings then the app works fine:

'django.middleware.csrf.CsrfViewMiddleware',

It seems like the issue originates from anycluster.js

        xhr.open("POST",url,true);

        var csrftoken = getCookieValue('csrftoken');
        xhr.setRequestHeader("X-CSRFToken", csrftoken);

        xhr.send(JSON.stringify(postParams));

I tried messing with the django_ajax_csrf.js but couldn't make much progress. Any ideas? Is this a bug? Thanks, Larry

biodiv commented 10 years ago

Have you put {% csrf_token %} somewhere in the HTML template of your cluster? Django only delivers the token if this tag is there - at least on some installations.

lmorroni commented 10 years ago

Indeed that was it. Thanks!
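
The failure in this thread is silent: after the cache was cleared there was no `csrftoken` cookie to read, yet the request was still sent. The sketch below is an added example, not code from anycluster.js; `readCookie`, `csrfHeaders` and `sendClusterRequest` are hypothetical names. It reports the missing cookie before sending and attaches the token to same-origin requests only.

```javascript
// Added example; readCookie, csrfHeaders and sendClusterRequest are
// hypothetical names, not functions from anycluster.js.

// Return the value of one cookie from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build POST headers. The token is attached only to same-origin URLs so it
// never leaks to another host, and a missing cookie is reported instead of
// sending an unusable header value, which CsrfViewMiddleware rejects with 403.
function csrfHeaders(cookieString, url, pageOrigin) {
  const headers = { "Content-Type": "application/json" };
  if (new URL(url, pageOrigin).origin !== pageOrigin) return headers;
  const token = readCookie(cookieString, "csrftoken");
  if (!token) {
    throw new Error(
      "csrftoken cookie not set: render {% csrf_token %} in the template " +
      "or decorate the page view with ensure_csrf_cookie"
    );
  }
  headers["X-CSRFToken"] = token;
  return headers;
}

// Browser-side use, mirroring the XHR call quoted in the issue.
function sendClusterRequest(url, postParams) {
  const headers = csrfHeaders(document.cookie, url, window.location.origin);
  const xhr = new XMLHttpRequest();
  xhr.open("POST", url, true);
  for (const [k, v] of Object.entries(headers)) xhr.setRequestHeader(k, v);
  xhr.send(JSON.stringify(postParams));
  return xhr;
}
```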