djangosnippets.org: Latest snippets tagged with 'fb'http://djangosnippets.org/tags/fb/2011-09-05T07:15:18.260157-05:00Manual CSRF check for Django Facebook canvas applications
2011-09-05T07:15:18.260157-05:00krvsshttp://djangosnippets.org/snippets/2538/<p>The way to manually control CSRF correctness for FB applications. Automatic check cannot be used because FB does POST on your canvas URL when initializing your application without CSRF token. If you still want to use Django CSRF stuff do manual checks.</p>
<p>You only need to perform manual check when …</p>
Freely redistributableBypass CSRF check for Facebook canvas apps using POST for canvas
2010-11-23T21:39:44.773031-06:00mjalldayhttp://djangosnippets.org/snippets/2272/<p>This assumes that you have a method called <strong>decode_signed_request</strong> which will validate the signed_request parameter and return None if the validation check fails.</p>
<p>A similar method can be found here - https://github.com/iplatform/pyFaceGraph/blob/70e456c79f1ac1c7eddece03af323346a00481ef/src/facegraph/canvas.py</p>
Freely redistributable