Open GoogleCodeExporter opened 9 years ago
Fixed by adding {% csrf_token %} to all POST forms.
Original comment by Enlight...@gmail.com
on 27 Oct 2009 at 1:46
Thanks a lot for spotting that. Can you provide a patch?
Original comment by batiste....@gmail.com
on 28 Oct 2009 at 8:11
I don' think a patch is needed, since the problem is an oversight by Core-Dev
rather
then a permantent change.
They are fixing it in Django-Core, so that developers like the Django-Page-CMS
crew
don't have to see CSRF as a nuisance.
Original comment by Enlight...@gmail.com
on 29 Oct 2009 at 8:51
All the tests pass here with the latest Django so it seems it's already fixed.
Do you
think ths CMS need to implement this functionality?
If yes we could do it. It's probably quite easy. I am just afraid of breaking
all the
tests...
Original comment by batiste....@gmail.com
on 29 Oct 2009 at 11:58
It automatically gets implemented in the admin pages.
So I guess that for the front-end you might be good to implement it too, but
from what
I see, its very simple by adding the correct tags in the templates, or maybe
calling an
additional contrib library into the app.
The CSRF stuff only applies to POST/GET in forms from what I can see.
Original comment by Enlight...@gmail.com
on 29 Oct 2009 at 2:52
I added the token in 2 forms in the admin. The ajax calls should also use the
CSRF system but I
haven't the time to implement it yet.
Original comment by batiste....@gmail.com
on 3 Nov 2009 at 1:32
Hi. I have Django revision 12223 and this problem is still there.
Original comment by adolfo.fitoria
on 13 Jan 2010 at 3:42
yup, still a prob; am currently wondering if I'll be able to identify where to
insert
the csrf tags; am new to this app and the url processing and forms look a
little
obscure at present
Original comment by dharrima...@gmail.com
on 28 Jan 2010 at 7:44
I have this problem in a pinax-project.
I solved it by adding {% csrf_token %} right after the <form> tags in
change_form.html and plugin_change.html
Or at least I think it's solved for me currently.
Original comment by AndreasK...@gmail.com
on 31 Jan 2010 at 1:15
Why is this bug triggered even without using CsrfViewMiddleware ?
Original comment by dusan.ma...@gmail.com
on 14 Mar 2010 at 6:59
please see this urls
http://jordanmessina.com/2010/05/24/django-1-2-csrf-verification-failed/comment-
page-1/#comment-3471,
hope this helps.
Original comment by bhrs_t...@yahoo.com
on 1 Jun 2010 at 10:07
Original issue reported on code.google.com by
Enlight...@gmail.com
on 27 Oct 2009 at 1:16