Django 1.2 CSRF not supported

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Install django-forum with a recent Django 1.2 beta
2. Enable CsrfViewMiddleware
3. Try to post to a forum

What is the expected output? What do you see instead?
A message being posted. Instead, I get the CSRF_FAILURE_VIEW.

Original issue reported on code.google.com by dr.z...@googlemail.com on 9 Apr 2010 at 11:20

[GoogleCodeExporter]

Just to be clear, the old-style CSRF works however the new Django 1.2 CSRF 
middleware
doesn't.

No changes have been made to support Django 1.2 at this stage; I'm sure there 
will be
more to come. We also need to make sure we stay compatible with earlier 
versions of
Django.

Original comment by rwpoul...@gmail.com on 10 Apr 2010 at 3:59

• Changed title: Django 1.2 CSRF not supported
• Changed state: Accepted

[GoogleCodeExporter]

Hi guys,

Thanks for this great software. I just added it to a Django 1.2.3. project and 
I am having the problem above with CSRF. What is the workaround? (I have tried 
adding csrf_protect tags in the templates concerned as well as having the CSRF 
Middleware in my settings. No joy still, otherwise the admin works fine. What 
to do?

Original comment by zebr...@gmail.com on 14 Oct 2010 at 8:56

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

The workaround I've found is:
1. In views.py add:
    from django.core.context_processors import csrf
2. In every single view dealing with POSTing forms not using RequestContext add:
    c = {}
    c.update(csrf(request))
and in the returned generic views not using RequestContext add in extra_content 
dictionary:
    'csrf': c,
3. In all templates containing form add right after form tag:
    {% csrf_token %}
AFAIK the only view/template not dealing with POSTing forms is forums list.
Attached summary diff from mercurial.
HTH.
Cheers.

Original comment by aspon...@gmail.com on 18 Oct 2010 at 10:36

Attachments:

• CSRF-1.2-style.diff