403 on ajax request to own domain

I'm trying to use an ajax request to call a function in a different view, but I'm getting a 403 error.

excerpt from my template:

    FB.ui({ method: 'apprequests', title: 'Invite your friends to answer questions!', message:'Invite your friends!'},
    function(response) {
      开发者_StackOverflow  jQuery.ajax({
            url: "/canvas/request/",
            type: "post",
            data: {qid: {{ qid }} , request_ids: response.request_ids}
        })
    });

excerpt from my view:

def save_request(request):
    print("in save request")
    for id in request.request_ids:
        share = ShareRequest
        share.question = request.qid
        share.share_id = id
        share.save()

excerpt from my urls:

urlpatterns = patterns(...
    (r'^request/', save_request),

returns [06/Sep/2011 13:35:56] "POST /canvas/request/ HTTP/1.1" 403 2332

I'm really confused.

Perhaps you need to add the CSRF token to your request? Some details are at https://docs.djangoproject.com/en/dev/ref/contrib/csrf/.

BAD but QUICK solution for keep yourself not in the stealth mode:

from django.views.decorators.csrf import csrf_exempt

use this @csrf_exempt decorator at your views to ignore the csrf issue.

But This is a bad habbit. So make sure your sites csrf protected. And follow the django documentation.