Showing posts with label post. Show all posts
Showing posts with label post. Show all posts
Monday, April 6, 2015
ajax post request: simple
An ajax post request can be as simple as any form in django. Just remember the csrf token!
Saturday, December 6, 2014
Tuesday, November 25, 2014
Excel to web and back again
The goal here is to learn to take a number in Excel and then automatically post it to a site on the web.
A second goal is to automatically read a number from the web.
This guy used VBA in word to call a Windows library. So this solution is Windows only, but . . . maybe Excel is mostly Windows only anyway:
http://www.wayne-robinson.com/journal/2009/7/28/wordexcel-http-post.html
A more general discussion is here:
http://stackoverflow.com/questions/158633/how-can-i-send-an-http-post-request-to-a-server-from-excel-using-vba
From that discussion, one person used Querytables from VBA, which meant his solution worked for both Windows and Mac:
http://numbers.brighterplanet.com/2011/01/06/using-web-services-from-excel/
He also has a little bit to teach about going from the web to Google Docs and back.
But here's a more comprehensive resource if you're looking to learn about Google docs:
http://builtvisible.com/playing-around-with-importxml-in-google-spreadsheets/
Might need to learn about Xpath for this.
It's also possible to link to a specific cell in Excel:
http://support.microsoft.com/KB/197922
Web queries in Excel:
http://www.vertex42.com/News/excel-web-query.html
A second goal is to automatically read a number from the web.
This guy used VBA in word to call a Windows library. So this solution is Windows only, but . . . maybe Excel is mostly Windows only anyway:
http://www.wayne-robinson.com/journal/2009/7/28/wordexcel-http-post.html
A more general discussion is here:
http://stackoverflow.com/questions/158633/how-can-i-send-an-http-post-request-to-a-server-from-excel-using-vba
From that discussion, one person used Querytables from VBA, which meant his solution worked for both Windows and Mac:
http://numbers.brighterplanet.com/2011/01/06/using-web-services-from-excel/
He also has a little bit to teach about going from the web to Google Docs and back.
But here's a more comprehensive resource if you're looking to learn about Google docs:
http://builtvisible.com/playing-around-with-importxml-in-google-spreadsheets/
Might need to learn about Xpath for this.
It's also possible to link to a specific cell in Excel:
http://support.microsoft.com/KB/197922
Web queries in Excel:
http://www.vertex42.com/News/excel-web-query.html
Thursday, November 13, 2014
csrf and request API
Notes to self on csrf protection in Django:
Django has built-in csrf protection if you use their decorators and form system. In fact, by default you can't process a POST request without csrf protection. Unfortunately, that protection acts as a wall against API POST requests not generated by the system.
The solution is simple: two views. The view that you have to handle a GUI form needs the decorate.
A view that handles a curl or other programmatic request needs to be explicitly absolved of the decorator requirement. Protection must come from authenticating each request instead of relying on a previous login--but that's not a hassle to an automated system.
from django.views.decorators.csrf import csrf_exempt, csrf_protect
@csrf_exempt
@csrf_protect
Any guess which view needs which decorator?
The form needs csrf protection because it is relying on a previous login.
The API authenticates every time and needs to be csrf_exempt.
Django has built-in csrf protection if you use their decorators and form system. In fact, by default you can't process a POST request without csrf protection. Unfortunately, that protection acts as a wall against API POST requests not generated by the system.
The solution is simple: two views. The view that you have to handle a GUI form needs the decorate.
A view that handles a curl or other programmatic request needs to be explicitly absolved of the decorator requirement. Protection must come from authenticating each request instead of relying on a previous login--but that's not a hassle to an automated system.
from django.views.decorators.csrf import csrf_exempt, csrf_protect
@csrf_exempt
@csrf_protect
Any guess which view needs which decorator?
The form needs csrf protection because it is relying on a previous login.
The API authenticates every time and needs to be csrf_exempt.
Monday, November 10, 2014
Nice resource for working with the web from Android.
Working with the web is always chancy because you may not have connectivity. You don't want anything to hang, so you need your calls to be asynchronous. Here's a nice library that handles that for you:
http://loopj.com/android-async-http/
http://loopj.com/android-async-http/
The core of django authentication
You can find nice information here:
https://docs.djangoproject.com/en/dev/topics/auth/
and here:
https://docs.djangoproject.com/en/dev/topics/auth/default/
There is a lot to learn. But for me the core of it is this:
https://docs.djangoproject.com/en/dev/topics/auth/
and here:
https://docs.djangoproject.com/en/dev/topics/auth/default/
There is a lot to learn. But for me the core of it is this:
- authentication comes built in by default with simple user objects that include username, password, and email
- if you have a username, a password, and an email address, you can set up a new user using
from django.contrib.auth.models import User >>> user = User.objects.create_user('john', 'lennon@thebeatles.com', 'johnpassword')
- you can check the identity of a user in a view that receives a post request using
from django.contrib.auth import authenticate
username = request.POST['username'] password = request.POST['password'] user = authenticate(username=username, password=password)
Subscribe to:
Posts (Atom)