<div dir="ltr"><div>Dear All,</div><div><br></div><div>I could able to resolve the issue. The following changes are done. <br></div><div><br></div><div>1. Settings.py
<b> CSRF_COOKIE_HTTPONLY=True</b></div><div><b>2.</b> In following files
<b>X-CSRFToken</b> value is assigned using the
var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();</div><div> a./usr/lib/python2.7/site-packages/autocomplete_light/templates/autocomplete_light/_ajax_csrf.html-<br> b.. /home/geonode/geonode/static_root/pinax/js/theme.js<br> c. ./home/geonode/geonode/static_root/geonode/js/extjs/GeoNode-mixin.js<br> d../home/geonode/geonode/static_root/pinax/js/theme.js<br> e. /home/geonode/geonode/static_root/geonode/js/utils/util.js<br> f. /home/geonode/geonode/static_root/geonode/js/extjs/GeoNode-mixin.js</div><div><br></div><div>Thanks&Regards,</div><div>Naresh.N<br></div><div><b>
</b>
</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 19, 2019 at 3:05 PM Naresh N <<a href="mailto:naresh919@gmail.com">naresh919@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Dear all,</div><div><br></div><div>The following changes are made to enable HTTPOnly flag for cookies</div><div><br></div><div>1. In settings.py <b> CSRF_COOKIE_HTTPONLY=True</b></div><div>2.<b> X-CSRFToken</b> value is set using the jquery -- <b>var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();</b></div><div><br></div><div>After doing the above changes layers are not getting upload and showing CSRF validation failed. Please find the attached screenshot with this mail.</div><div><br></div><div>Kindly help me to fix the issue. Apart from above mentioned places is any other places need changes?</div><div><br></div><div>Thanks&Regards,</div><div>Naresh.N</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 16, 2019 at 1:46 PM Naresh N <<a href="mailto:naresh919@gmail.com" target="_blank">naresh919@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear All,<div><br></div><div>Kindly help on regarding httponly flag for cookie use in GeoNode.</div><div><br></div><div>Thanks&Regards,</div><div>Naresh.N</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 14, 2019 at 3:03 PM Naresh N <<a href="mailto:naresh919@gmail.com" target="_blank">naresh919@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear All,<div><br></div><div>We have used GeoNode for development of our portal.</div><div>As a part of security measures,we have to use cookie set with httponly flag. I have enabled the flag CSRF_COOKIE_HTTPONLY as true in settings.py, then<b> upload layers</b> and other <b>ajax_requsts functions are not working.</b></div><div><br></div><div>Please suggest how to over come this. Which are all the places need to modify the code.</div><div><br></div><div>Thanks&Regards,</div><div>Naresh.N</div></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>