$('#save').on('click', function() {
var text = $('div[contenteditable]')[0].innerHTML;
- $.post('api-save/', {text: text}).fail(function() {
+ var csrf = $('[name=csrfmiddlewaretoken]').val();
+ $.post('api-save/',
+ { text: text, csrfmiddlewaretoken: csrf}
+ ).fail(function() {
$('#save').css('background', 'red');
});
return false;
<div>
<h2>{{ object.title }}</h2>
<div {% if request.user.is_staff %}contenteditable="true"{% endif %}>{{ object.text|safe }}</div>
-{% if request.user.is_staff %}<button id="save">{% trans "Save" %}</button>{% endif %}
+{% if request.user.is_staff %}
+{% csrf_token %}<button id="save">{% trans "Save" %}</button>
+{% endif %}
<div class="meta">{{ object.creation_timestamp|date:"j E Y, H:i"|lower }}</div>
</div>
from django.http import HttpResponse, Http404
from django.utils.feedgenerator import Atom1Feed
from django.views import View
-from django.views.decorators.csrf import csrf_exempt
from django.views.generic import CreateView, DeleteView, DetailView, ListView, UpdateView, TemplateView
from .models import Note
class NoteApiSaveView(View):
http_method_names = ['post']
- @csrf_exempt
- def dispatch(self, *args, **kwargs):
- return super().dispatch(*args, **kwargs)
-
def post(self, request, *args, **kwargs):
note = Note.objects.get(slug=kwargs['slug'])
note.text = request.POST['text']
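Review bot: Removing `csrf_exempt` stops cross-site forgery, but the visible body of `post` still performs no authorization: it loads the note by slug and writes `request.POST['text']` for any caller holding a session and a CSRF token, while the template only hides the editor from non-staff users, which is presentation rather than access control. Unless a check appears later in the method (the `post` body continues outside the hunk), guard it at the top, e.g. `if not request.user.is_staff: return HttpResponse(status=403)`, using the `HttpResponse` the module already imports. Separately, `Note.objects.get(slug=...)` raises `Note.DoesNotExist` for an unknown slug, which surfaces as a 500; since `Http404` is already imported, catching that and raising `Http404` (or using `get_object_or_404`) would keep the response consistent. Note that the CSRF check now relies on `CsrfViewMiddleware` being enabled in settings, which this diff does not show.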