{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 欢心 的问题《Django, Secure Login with Ajax from Http page》','https://www.manongdao.com/q-604805.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I log in users from a Http page via ajax. I'm making the request to a secure (https) page. My issue is that I'm not receiving a response because (I assume) my view function is returning an HttpResponse object to the https page (my user is still at http).
Here is the code
@secure_required
def login_async(request):
if request.method=='POST':
email=request.POST.get('email', '')
try:
user=User.objects.get(email__exact=email)
username=user.username
except User.DoesNotExist:
username=''
password=request.POST.get('password', '')
user=auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request,user)
user_status=1
user_fname=user.first_name
user_data=[{'user_status':user_status, 'user_fname':user_fname,'user_favorite':user_favorite,'flag_record':flag_record, 'message_sent':message_sent,'is_post_owner':is_post_owner}]
json_data=json.dumps(user_data)
response=HttpResponse()
response['Content-Type']="text/javascript"
response.write(json_data)
return response
else:
user_data=[{'user_status':user_status}]
json_data=json.dumps(user_data)
response=HttpResponse()
response['Content-Type']="text/javascript"
response.write(json_data)
return response
else:
user_data=[{'user_status':"0"}]
json_data=json.dumps(user_data)
response=HttpResponse()
response['Content-Type']="text/javascript"
response.write(json_data)
return response
Why not just make the whole page https, you ask? Good question. I was having some issues with making the Tweet Button https compatible.
Thanks
If you'd check what your browser is sending over the net you'd see that it's not POST as you wanted but OPTIONS request. It's caused because https XHTTPRequest (AJAX) from http page is treated same way as cross-domain, check jQuery: I get OPTIONS request instead of GET for answer on handling that.
And one more thing, whole:
Could be replaced just by: