Nexus' nexus.js includes a beforeSend function for the Jquery global setup to pass the CSRF protection token into the headers before any XHR call. When the XHR request is sent from gargoyle.js say to add a new switch its adding another copy of the token into the header. This causes Django 1.3 to reject the request with a invalid token.
gargoyle.js should check if the header has already been defined, if so skip setting the header again. Then again, as this segment of code would not be called unless Nexus is installed maybe it should be removed.
Nexus' nexus.js includes a beforeSend function for the Jquery global setup to pass the CSRF protection token into the headers before any XHR call. When the XHR request is sent from gargoyle.js say to add a new switch its adding another copy of the token into the header. This causes Django 1.3 to reject the request with a invalid token.
gargoyle.js should check if the header has already been defined, if so skip setting the header again. Then again, as this segment of code would not be called unless Nexus is installed maybe it should be removed.