1

Below is what I want to do in django views.

import requests, time
def SOME_VIEW_FOR_AJAX(request):
    if request.is_ajax():
        response = requests.get('API_URL_START_TASK')
        # response is like {'ready':false, 'status':'PENDING'}
        while not response['ready']:
            response = requests.get('API_URL_CHECK_TASK')
            time.sleep(1)
        result = response.get()
        # SOME MORE WORKS ...

via api (celery is on the other PC), this view initiates a celery task, constantly checks a status of the task, and gets the result if the task is done.

Here I concern the presence of time.sleep. This SO POST tells that the use of time.sleep is not appropriate because it holds a current thread. Is there a possible replacement of time.sleep for using django views? or is it allowable to use time.sleep for such a usage?

I am using Django 1.8.6, Apache 2.4 with mod_wsgi, Windows Server 2012 R2. Thanks in advance.

Community
  • 1
  • 1
Leonard2
  • 894
  • 8
  • 21

2 Answers2

1

This is the wrong approach. The whole point of Celery is to offload long-running tasks so that they don't delay the response.

Instead you should immediately return a holding response, then get your front end - maybe via Ajax - to periodically request a status, probably from another view.

Daniel Roseman
  • 588,541
  • 66
  • 880
  • 895
  • yep, I've used the ajax call to work with celery and this worked well. But I am worried about security issues because someone can approach the api url via the HTML/JS source code. this is why I came up with this server-side checking. And of course, the above view function is for ajax call. – Leonard2 May 30 '16 at 08:45
  • 1
    don't really see how your code address any security concern you may have. The ajax call would request a view via a url, and you can do auth checks on the server side (login_required, permission etc). You can periodically check via ajax as suggested by Daniel. – keni May 30 '16 at 09:04
  • @keni thanks for comment. I was concerning such a thing; the machine with celery had to allow all domains for CORS headers because this machine should response for clients. So I was worried about someone who may burden the machine maliciously with repeated ajax requests. I will look at server side check for authentication! – Leonard2 May 30 '16 at 09:16
-1

After the answer and the comment, thankfully, I leave a record for some later use.

As Daniel's answer says, the use of celery is not to wait during some computing by a server. Therefore it is natural for the front end to throw and check a celery task.

And the exposure of url in the javascript is not an issue for security matter. According to This SO post and that, I can regard the api url as a url of a single webpage, which is publicly known and a number of requests do not burden the server.

In my case in which the two servers respectively for the main web service and the computing is separated, CORS headers should be configured. This SO post notes that when you call ajax for a domain different from the host, jQuery does not set the appropriate header so that request.is_ajax() does not work. crossDomain: false in ajax code will solve this problem.

I am still searching and figuring out the server side security... As keni said, This may help.

I guess that my question did not summarize my concerns very well, so I wanted to do it here. Any tip will be welcome.

Community
  • 1
  • 1
Leonard2
  • 894
  • 8
  • 21