google-code-export / django-page-cms

Automatically exported from code.google.com/p/django-page-cms
BSD 3-Clause "New" or "Revised" License

403 Forbidden CSRF verification failed. Request aborted. #180

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1: Update Django to latest SVN
2: Try add page in admin

What is the expected output? What do you see instead?

Submitted new page

Are you using the trunk version or a released version of this CMS?

Trunk of django and CMS

Error:

403 Forbidden

CSRF verification failed. Request aborted.

Original issue reported on code.google.com by Enlight...@gmail.com on 27 Oct 2009 at 1:16

GoogleCodeExporter commented 9 years ago
Fixed by adding {% csrf_token %} to all POST forms.

Original comment by Enlight...@gmail.com on 27 Oct 2009 at 1:46

GoogleCodeExporter commented 9 years ago
Thanks a lot for spotting that. Can you provide a patch?

Original comment by batiste....@gmail.com on 28 Oct 2009 at 8:11

GoogleCodeExporter commented 9 years ago
I don't think a patch is needed, since the problem is an oversight by Core-Dev rather than a permanent change.

They are fixing it in Django-Core, so that developers like the Django-Page-CMS crew don't have to see CSRF as a nuisance.

Original comment by Enlight...@gmail.com on 29 Oct 2009 at 8:51

GoogleCodeExporter commented 9 years ago
All the tests pass here with the latest Django so it seems it's already fixed. Do you think this CMS needs to implement this functionality?

If yes we could do it. It's probably quite easy. I am just afraid of breaking all the tests...

Original comment by batiste....@gmail.com on 29 Oct 2009 at 11:58

GoogleCodeExporter commented 9 years ago
It automatically gets implemented in the admin pages.

So I guess that for the front-end you might be good to implement it too, but from what I see, it's very simple by adding the correct tags in the templates, or maybe calling an additional contrib library into the app.

The CSRF stuff only applies to POST/GET in forms from what I can see.

Original comment by Enlight...@gmail.com on 29 Oct 2009 at 2:52

GoogleCodeExporter commented 9 years ago
I added the token in 2 forms in the admin. The ajax calls should also use the CSRF system but I haven't the time to implement it yet.

Original comment by batiste....@gmail.com on 3 Nov 2009 at 1:32

GoogleCodeExporter commented 9 years ago
Hi. I have Django revision 12223 and this problem is still there.

Original comment by adolfo.fitoria on 13 Jan 2010 at 3:42

GoogleCodeExporter commented 9 years ago
yup, still a prob; am currently wondering if I'll be able to identify where to insert the csrf tags; am new to this app and the url processing and forms look a little obscure at present

Original comment by dharrima...@gmail.com on 28 Jan 2010 at 7:44

GoogleCodeExporter commented 9 years ago
I have this problem in a pinax-project.

I solved it by adding {% csrf_token %} right after the <form> tags in change_form.html and plugin_change.html

Or at least I think it's solved for me currently.

Original comment by AndreasK...@gmail.com on 31 Jan 2010 at 1:15
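
A small stdlib-only check for the fix discussed in this thread: it locates POST forms in template source that have no `{% csrf_token %}`. This is an added example, not code from django-page-cms or from any commenter; the function names and the sample template contents are constructed for illustration, and the regex approach assumes the `<form>` tags are written literally in the template.

```python
import re

# Matches each <form ...> tag and its body up to </form> (or end of file when
# the closing tag lives in another template).
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)(?:</form\s*>|\Z)", re.I | re.S)
POST_RE = re.compile(r"""\bmethod\s*=\s*["']?\s*post\b""", re.I)
TOKEN_RE = re.compile(r"\{%\s*csrf_token\s*%\}")


def forms_missing_csrf(source):
    """Return 1-based line numbers of POST forms with no {% csrf_token %}."""
    missing = []
    for match in FORM_RE.finditer(source):
        attrs, body = match.groups()
        if POST_RE.search(attrs) and not TOKEN_RE.search(body):
            missing.append(source.count("\n", 0, match.start()) + 1)
    return missing


def audit(templates):
    """Map template name -> offending line numbers, omitting clean templates."""
    report = {}
    for name, source in templates.items():
        lines = forms_missing_csrf(source)
        if lines:
            report[name] = lines
    return report


# Constructed sample templates: the file names come from the thread, the
# contents are invented for this example.
SAMPLES = {
    "change_form.html": (
        "{% load i18n %}\n"
        "<form action='' method=\"post\" id='page_form'>\n"
        "  {{ form.as_p }}\n"
        "</form>\n"
    ),
    "plugin_change.html": (
        "<form method='POST' action=''>{% csrf_token %}\n"
        "  {{ form.as_p }}\n"
        "</form>\n"
    ),
    "search.html": "<form method='get' action='/search/'><input name='q'></form>\n",
}

if __name__ == "__main__":
    for name, lines in sorted(audit(SAMPLES).items()):
        print(f"{name}: POST form without csrf_token at line(s) {lines}")
```

Forms built by JavaScript or split across included templates are outside what this scan can see and need a manual look.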

GoogleCodeExporter commented 9 years ago
Why is this bug triggered even without using CsrfViewMiddleware?

Original comment by dusan.ma...@gmail.com on 14 Mar 2010 at 6:59

GoogleCodeExporter commented 9 years ago
Please see this URL:
http://jordanmessina.com/2010/05/24/django-1-2-csrf-verification-failed/comment-page-1/#comment-3471
Hope this helps.

Original comment by bhrs_t...@yahoo.com on 1 Jun 2010 at 10:07