Closed housUnus closed 9 months ago
How exactly are you trying to upload the file? Since you say "anymore": What did you change?
It was working on filer v:2.2.4, but after upgrading to the latest version now it's not working anymore Django==4.2.3 django-filer==3.0.2 I was trying to upload on the admin area
Please note that I'm using another way of uploading files rather than the admin interface, and it worked fine, I dived into the package code and found @csrf_exempt above the ajax_upload, which should allow the post request to move without a csrf token, so it must be a function that is calling the ajax_upload from the admin that doesn't have the csrf_exempt decorator, that's why it always fails to reach the ajax_upload, the solution might be adding the csrf token while calling the XMLHttpRequest uploader on the client side.
I have updated the js fileuploader so it sends the csrf without using csrf_exempt, and being blocked for non-unknown reasons as stated before.
I have not yet been able to reproduce the bug. How exactly are you uploading? I am unclear if you are using the admin interface (I understand no) or not (I understand you think some call to the admin interface requires the token). Uploads outside the admin interface are currently not supported.
I was using the admin interface to upload, but i always had the CSRF missing problem,
What I've added is: csrf=document.querySelector('form input[name="csrfmiddlewaretoken"]') . . .o.setRequestHeader("X-CSRFToken",csrf.value)
Which allows sending the csrf token with the request.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This will now be closed due to inactivity, but feel free to reopen it.
When i try to upload an image using the admin page it doesn't work anymore, it shows that:
Forbidden (CSRF token missing.): /admin/filer/clipboard/operations/upload/2/ [11/Aug/2023 03:23:08] "POST /admin/filer/clipboard/operations/upload/2/?qqfile=Tangerois+Store+Logo.jpg HTTP/1.1" 403 2506
and file is uploaded, I know a csrf_token is missing, but don't know where to add it on your package,
Regards