POSTing json data to Django (ajax)

1. jQuery.ajax() doesn't automatically encode data to JSON

Your client code is responsible for encoding its data into a json string, otherwise jQuery.ajax() will try to send it as a query-string. Even if you set the 'contentType' to "application/json" and provide an object that can be serialized into json, the ajax() function will turn it into a query-string.

$.ajax({
   type: 'POST',
    contentType: "application/json",
    data: {"test": 1});

-> data will be sent as "?test=1"

Note: as long as you don't need to send (complex) objects, it may be easier to send query-string formatted data to Django. See this post for more details.

So, your client code will need to turn its data into a json string, before passing it to ajax().

$.ajax({
   type: 'POST',
    contentType: "application/json",
    data: JSON.stringify({"test": 1}));

This also works on objects:

var tmpObject = new Object();
tmpObject.test = 1;
$.ajax({
   type: 'POST',
    contentType: "application/json",
    data: JSON.stringify(tmpObject));

2. Django doesn't automatically handle JSON encoded data

When form-encoded data is received in a POST request, django will automatically populate its HttpRequest.POST dictionary object (and also HttpRequest.REQUEST). This doesn't happen with json data: HttpRequest.POST will remain empty.

The POSTed data is available through HttpRequest.body (or by calling request.read()), which contains the raw HTTP request body as a byte string. To turn it into a python object, your view needs to do the following:

// assuming request.body contains json data which is UTF-8 encoded
json_str = request.body.decode(encoding='UTF-8')
// turn the json bytestr into a python obj
json_obj = json.loads(json_str, ensure_ascii = False)

3. Don't forget to send the csrf_token

Since Django isn't able to parse the json data itself, you can not simply pass the csrf_token as part of your data. If you don't provide the csrf_token in some other way, the CsrfViewMiddleware will raise an exception before your view code is being executed.

The easiest way to avoid this, is by setting a custom X-CSRFToken header. This is described in the django docs: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax. However, since the use of jQuery.ajaxSetup is not recommended, it's probably better to do this by handling the ajaxSend event instead (see this example).

Comments

Post a Comment

Popular posts from this blog

Handling control characters (escaping) in python for json and mysql

JSON loads() and dumps(): how control characters are handled The json lib escapes control characters when you dump(s) a python object into a json string. import json aa = "String with\ttab and\nnewline" print "1. Py string with control chars, unescaped: '%s'" % aa aa = json.dumps(aa, indent = 2, encoding="utf8") # dumping py-obj into json-string will cause control chars to be escaped print "\n2. JSON Encoded String with control chars, escaped: '%s'" % aa aa = json.loads(aa) # loading json-string into py-obj will leave control chars unescaped print "\n3. Py object (= string) with control chars, unescaped: '%s'" % aa Output: 1. Py string with control chars, unescaped: 'String with tab and newline' 2. JSON Encoded String with control chars, escaped: '"String with\ttab and\nnewline"' 3. Py object (= string) with control chars, unescaped: 'String with tab and newline' Note that json.l...
Read more

python port sniffer with pcapy and impacket

The code below will sniff all network traffic (use a filter to limit the sniffer to only certain packets) during 1000 milliseconds and print some info about it. It requires 2 python modules: pcapy for capturing the packets impacket for analyzing the packet content Note that this sample uses pcapy's dispatch() method and relies on its ability to return automatically after a timeout expires. This functionality is not available on all platforms (e.g. not on linux). import os, logging, socket import pcapy, impacket, impacket.ImpactDecoder ETHERNET_MAX_FRAME_SIZE = 1518 PROMISC_MODE = 0 class Packet(object): def __init__(self, bytes, sniffed_bytes, timestamp, proto_id, src_ip, tgt_ip, src_port, tgt_port, msgs): """ @brief Initialize data. """ super(Packet, self).__init__() self.bytes = bytes self.sniffed_bytes = sniffed_bytes self.src_ip = src_ip self.tgt_ip = tgt_ip self.src_port = src_port self.tgt_port = tgt_port ...
Read more

Django field, form and model validation process

Django's form and field validation process can be best understood by looking at the code in django's BaseForm class (in django.forms.forms) - see below. See also this blog post for a graphic overview. The form.full_clean() method is called by django at the start of the validation process (by form.is_valid(), usually immediately after the view receives the posted data). full_clean() performs a 3 phase validation , with each phase corresponding to a call of one of the protected methods below: self._clean_fields() : Field validation This method iterates over the form fields: For each field, it calls the Widget's value_from_datadict() method, passing the complete post data in a QueryDict. The Widget's task is to retrieve its own value from this QueryDict and return it. The returned value is then passed to the Field's own clean() method. This method does the initial validation (e.g. checking if the value is not empty), without touching the db. If the Field's...
Read more