Cross-domain redirect to a partially filled form on Django web application

开发者 https://www.devze.com 2023-04-07 16:10 Source: web
I have an HTML form in my Django web application (NOT implemented using Django forms) that does a POST request.

Now I want to implement a feature so that other web apps, not necessarily Django, from different domains, can send some data to my application and get redirected to the web page with this form, partially filled with that data (the data can be JSON).

Besides redirecting, after the user clicks submit on my form, I would also want to send a message to the other server with some short text information.

I am not sure what is the best way to implement this. A REST interface like Piston?

Could you give me some general directions I should follow?


You should create a view that handles the POST data from the form and the external web apps.

You should be able to check whether the data you are getting in the view is coming from your site or another by checking request.META['HTTP_REFERER'].

If it is from your site, you can just handle the form as you usually would.

However if it is from an external site, you would instead render the template with the form in it. You can put the information you got from the external site into the context, so you can pre-fill the form in the template.

You should also include a flag in the form to say that this was from an external site, something like:

<input type="hidden" name="external_site_url" value="{{ external_site_url }}">

After that form is submitted, you can check for the existence of external_site_url. If it exists you can then send the message to the other server.

Note, because you want other apps to use your view, you'll have to disable CSRF protection on the view (https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#csrf-protection-should-be-disabled-for-just-a-few-views).

Also, by allowing other apps to use your view, you are opening yourself up to a lot of possible attacks. Be very careful with input validation and only give the view the ability to do the things it really needs -- you don't want an external app to be able to delete entries in your database for example.
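The decision logic the answer sketches, written out as added example code (not from the question or the answer, and kept Django-free so it runs anywhere). It assumes a hypothetical allowlist PARTNER_ORIGINS and field list FORM_FIELDS; the Referer header is only compared against that allowlist, the JSON payload is filtered to known form fields, and external_site_url is checked against the same allowlist before the post-submit message is sent, so the view never forwards data to an arbitrary host.

```python
import json
from urllib.parse import urlsplit, urlencode
from urllib.request import Request, urlopen

# Hypothetical configuration (not from the page): the app's own origin, the
# partner apps allowed to push pre-fill data, and the fields the template knows.
OWN_ORIGIN = "https://myapp.example"
PARTNER_ORIGINS = {"https://partner.example"}
FORM_FIELDS = {"name", "email", "subject"}


def origin_of(url):
    """Return scheme://host[:port] for an absolute http(s) URL, else None."""
    parts = urlsplit(url or "")
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def classify_request(meta):
    """The answer's Referer check, using request.META: 'own', 'external' or 'unknown'.
    Referer is client-supplied, so only allowlisted origins count as 'external'."""
    origin = origin_of(meta.get("HTTP_REFERER"))
    if origin == OWN_ORIGIN:
        return "own"
    if origin in PARTNER_ORIGINS:
        return "external"
    return "unknown"


def context_for_external(raw_json, referer):
    """Template context for the pre-filled form: only known fields, values
    truncated, plus the origin that goes into the hidden external_site_url field."""
    try:
        data = json.loads(raw_json)
    except (TypeError, ValueError):
        data = {}
    if not isinstance(data, dict):
        data = {}
    initial = {k: str(v)[:200] for k, v in data.items() if k in FORM_FIELDS}
    return {"initial": initial, "external_site_url": origin_of(referer)}


def notify_external(post_data, message, opener=urlopen):
    """After submit: POST the short message back, but only to an allowlisted partner.
    Returns True if a message was sent, False if the URL was rejected."""
    url = post_data.get("external_site_url")
    if origin_of(url) not in PARTNER_ORIGINS:
        return False
    req = Request(url, data=urlencode({"message": message}).encode(), method="POST")
    opener(req, timeout=5)  # opener is injectable so the logic can be tested offline
    return True
```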
