dojo - dojox.form.Uploader 403 error from django server -

i have simple form i've added uploader to. when invoke uploader, django returns {"detail":"csrf failed: csrf token missing or incorrect."} uploader:

            var ul = new uploader(             {                 label:"programmed uploader",                 multiple:false,                 uploadonselect:true,                 url:environment.apiroot + "upload/",                 headers:{                     "accept" : "application/json",                     "x-csrftoken" : dojo.cookie("csrftoken")                 }             }).placeat(form); 

i created simple "test" button invokes function performs same post.

            new button({                 name:"cancel2",                 //id:"cancel",                 label:"cancel" ,                 placement:"secondary",                 onclick:lang.hitch(this,function(event){                     this._testpost()                 })             }).placeat(form);    

this relavent header uploader post

cookie djdt=hide; csrftoken=wwlarc9ouevblkfgnedu2ae4et9z0kos;sessionid=du37rjyam6v69mw0bgctkbw708xlvc5g

this _testpost()

    _testpost: function (){         xhr.post({             url: environment.apiroot + "upload/",             handleas: "json",             postdata: json.stringify(data),             headers: {                 "content-type": "application/json",                 "accept" : "application/json",                 "x-csrftoken" : dojo.cookie("csrftoken")             },             loadingmessage: "submitting  form..."         }).then(              lang.hitch(this,function(result) {                 form = t._f_form;                 dojo.destroy(form);                 this._float.destroyrecursive();                 alert(result['result_text']);                  result['message'] = "update request accepted";              }),lang.hitch(this, function(err){                 form = t._f_form;                 dojo.destroy(form);                 this._float.destroyrecursive();                 topic.publish("/application/message","an error occurred.");         }));     

this relevant header invoking _testpost function

cookie djdt=hide; csrftoken=wwlarc9ouevblkfgnedu2ae4et9z0kos;sessionid=du37rjyam6v69mw0bgctkbw708xlvc5g

x-csrftoken wwlarc9ouevblkfgnedu2ae4et9z0kos

the key difference being in _testpost x-csrftoken put header, on uploader post, don't have means put in x-csrftoken (my headers attribute seems ignored - tried see if work)

is there way additional headers uploader

unfortunately, dojox.form.uploader not allow headers added.

there couple options. sounds have access csrf token , append url. option may provide csrf token cookie , should sent xhr , flash request.