My favorites | Sign in
Project Home Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
  Advanced search   Search tips   Subscriptions
Issue 91: Django 1.2 CSRF not supported
3 people starred this issue and may be notified of changes. Back to list
Status:  Accepted
Owner:  rwpoul...@gmail.com


 
Reported by dr.z...@googlemail.com, Apr 9, 2010
What steps will reproduce the problem?
1. Install django-forum with a recent Django 1.2 beta
2. Enable CsrfViewMiddleware
3. Try to post to a forum

What is the expected output? What do you see instead?
A message being posted. Instead, I get the CSRF_FAILURE_VIEW.

Apr 9, 2010
Project Member #1 rwpoul...@gmail.com
Just to be clear, the old-style CSRF works however the new Django 1.2 CSRF middleware
doesn't.

No changes have been made to support Django 1.2 at this stage; I'm sure there will be
more to come. We also need to make sure we stay compatible with earlier versions of
Django.
Summary: Django 1.2 CSRF not supported
Status: Accepted
Owner: rwpoulton
Oct 14, 2010
#2 zebr...@gmail.com
Hi guys,

Thanks for this great software. I just added it to a Django 1.2.3. project and I am having the problem above with CSRF. What is the workaround? (I have tried adding csrf_protect tags in the templates concerned as well as having the CSRF Middleware in my settings. No joy still, otherwise the admin works fine. What to do?
Oct 18, 2010
#4 aspon...@gmail.com
The workaround I've found is:
1. In views.py add:
    from django.core.context_processors import csrf
2. In every single view dealing with POSTing forms not using RequestContext add:
    c = {}
    c.update(csrf(request))
and in the returned generic views not using RequestContext add in extra_content dictionary:
    'csrf': c,
3. In all templates containing form add right after form tag:
    {% csrf_token %}
AFAIK the only view/template not dealing with POSTing forms is forums list.
Attached summary diff from mercurial.
HTH.
Cheers.

CSRF-1.2-style.diff
5.0 KB   View   Download

Powered by Google Project Hosting