js error on chrome only! #158

Open
MidoCobra opened this issue Feb 25, 2019 · 5 comments

Comments

@MidoCobra

MidoCobra commented Feb 25, 2019

Hi all,
Star ratings are working well with Edge, Firefox and other Android browsers, but with Chrome I got this error in my console:

```
star-ratings.js:259 POST https://##########.com/details/null 404 (Not Found)
```

(I don't know why null?! I'm putting the object after ratings and it is defined correctly in my views and URLs, and even readonly=true is working well for star ratings in the same template!)

```
star-ratings.js:265 POST https://########.com/ratings/28/1/ 403 (Forbidden)
post @ star-ratings.js:265
rate @ star-ratings.js:68
ratingSubmit @ star-ratings.js:60
VM5445:2 Uncaught SyntaxError: Unexpected token < in JSON at position 1
at JSON.parse ()
at XMLHttpRequest.req.onreadystatechange (star-ratings.js:249)
```

I think it is something about CSRF!
But actually I'm not good at all with JavaScript, so I'm not able to handle this!

@MidoCobra
Author

MidoCobra commented Feb 25, 2019

I'm almost on my way to finding the problem. It seems that it is because of the McAfee® WebAdvisor extension in Chrome, or any extension, which blocks your rates, because it only works in incognito mode in Chrome!
I think that's because of CSRF issues, because it also blocked some AJAX calls in my template, and I solved that by adding the csrf_exempt decorator in my views!
I tried the same with your views, but I think I missed the way.
Now I'm waiting for your solution, and I'll keep working on it.
Thanks all

@MidoCobra
Author

Now, by clearing cookies, browsing etc., it works!
Where is the bug?

@OmegaDroid
Contributor

Hi @MidoCobra, I would say you wouldn't want to disable CSRF protection as a workaround. This sounds like it's an error in the Chrome extension; maybe it's stripping some cookies from the request before it's sent.

I wonder if storing the CSRF token on the session will help: https://docs.djangoproject.com/en/2.1/ref/csrf/#is-it-a-problem-that-django-s-csrf-protection-isn-t-linked-to-a-session-by-default

@antnieszka

antnieszka commented Aug 1, 2019

I still get 403s :(

```
SyntaxError: JSON.parse: unexpected character at line 2 column 1 of the JSON data
onreadystatechange http://127.0.0.1:8000/static/star-ratings/js/dist/star-ratings.js:249
```

And from the backend:

```
Forbidden (CSRF token missing or incorrect.): /pl/ratings/14/24/
WARNING 2019-08-01 10:14:53,621 log 15004 9736 Forbidden (CSRF token missing or incorrect.): /pl/ratings/14/24/
[01/Aug/2019 10:14:53] "POST /pl/ratings/14/24/ HTTP/1.1" 403 2546
```

Switching `CSRF_USE_SESSIONS = True` on and off does not help :/

I don't have any extensions on these browsers (FF/Chrome)

@antnieszka

I think I got it - https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-httponly
If you set `CSRF_COOKIE_HTTPONLY = True`:

> Whether to use HttpOnly flag on the CSRF cookie. If this is set to True, client-side JavaScript will not be able to access the CSRF cookie.

Hence the 403s I get :/
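
The failure mode this thread ends on, as an added example that is not part of the thread or of star-ratings.js: a client that reads the CSRF token from the cookie, falls back to the hidden field rendered by `{% csrf_token %}` when the cookie is HttpOnly, and does not `JSON.parse` the HTML body of a 403. The helper names and sample documents are hypothetical; `csrftoken`, `csrfmiddlewaretoken` and `X-CSRFToken` are Django's default names, and the page is assumed to render `{% csrf_token %}`.

```javascript
// Added example (hypothetical helpers, not star-ratings.js code).

// Return the named cookie from a document.cookie-style string, or null.
function cookieValue(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Cookie first; if it is HttpOnly (or CSRF_USE_SESSIONS is on) it is not
// visible to scripts, so fall back to the hidden input in the DOM.
function resolveCsrfToken(doc) {
  const fromCookie = cookieValue(doc.cookie, 'csrftoken');
  if (fromCookie) return fromCookie;
  const field = doc.querySelector('[name=csrfmiddlewaretoken]');
  return field ? field.value : null;
}

// Headers for the rating POST; fail loudly rather than send a request
// that the server will reject with 403.
function ratingHeaders(doc) {
  const token = resolveCsrfToken(doc);
  if (!token) throw new Error('No CSRF token readable from cookie or DOM');
  return { 'X-CSRFToken': token };
}

// Django answers a failed CSRF check with an HTML page, so only parse
// the body when the response is a 2xx JSON response.
function parseRatingResponse(status, contentType, body) {
  const isJson = /json/i.test(contentType || '');
  if (status < 200 || status >= 300 || !isJson) {
    const error = status === 403 ? 'Forbidden (check CSRF token)' : 'Unexpected response';
    return { ok: false, status, error };
  }
  return { ok: true, status, data: JSON.parse(body) };
}

// Constructed stand-ins for `document`: one with a script-readable
// cookie, one where the cookie is HttpOnly and only the form field exists.
const sampleReadableDoc = { cookie: 'sessionid=abc; csrftoken=tok-cookie', querySelector: () => null };
const sampleHttpOnlyDoc = {
  cookie: 'sessionid=abc',
  querySelector: (sel) => (sel === '[name=csrfmiddlewaretoken]' ? { value: 'tok-dom' } : null),
};
console.log(ratingHeaders(sampleReadableDoc), ratingHeaders(sampleHttpOnlyDoc));
console.log(parseRatingResponse(403, 'text/html', '\n<!DOCTYPE html>'));
```
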
