What steps will reproduce the problem? 1. Install django-forum with a recent Django 1.2 beta 2. Enable CsrfViewMiddleware 3. Try to post to a forum

What is the expected output? What do you see instead? A message being posted. Instead, I get the CSRF_FAILURE_VIEW.

Just to be clear, the old-style CSRF works however the new Django 1.2 CSRF middleware doesn't.

No changes have been made to support Django 1.2 at this stage; I'm sure there will be more to come. We also need to make sure we stay compatible with earlier versions of Django.

Hi guys,

Thanks for this great software. I just added it to a Django 1.2.3. project and I am having the problem above with CSRF. What is the workaround? (I have tried adding csrf_protect tags in the templates concerned as well as having the CSRF Middleware in my settings. No joy still, otherwise the admin works fine. What to do?

Comment deleted

The workaround I've found is: 1. In views.py add: from django.core.context_processors import csrf 2. In every single view dealing with POSTing forms not using RequestContext add: c = {} c.update(csrf(request)) and in the returned generic views not using RequestContext add in extra_content dictionary: 'csrf': c, 3. In all templates containing form add right after form tag: {% csrf_token %} AFAIK the only view/template not dealing with POSTing forms is forums list. Attached summary diff from mercurial. HTH. Cheers.