Enabling CSRF Middleware breaks admin site #2
this will be fixed when django 1.1 lands

from http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#upgrading-notes "Note that contrib apps, such as the admin, have been updated to use the csrf_protect decorator, so that they are secured even if you do not add the CsrfViewMiddleware to your settings. However, if you have supplied customised templates to any of the view functions of contrib apps (whether explicitly via a keyword argument, or by overriding built-in templates), you MUST update them to include the csrf_token template tag as described above, or they will stop working. (If you cannot update these templates for some reason, you will be forced to use CsrfResponseMiddleware for these views to continue working)."

this is for django 1.2?

yes, this is for 1.2, the current trunk version. python -c "import django; print django.VERSION"

Note that CSRF middleware has been enabled by default from trunk revision 11660 onwards. (At this moment the latest revision is 11752.) I had problems with CSRF middleware when trying to edit a django-cms page. I got an error which reads: I checked and there are no problems with revision 11659 of django. So, until this is fixed in django-cms people can use "svn update -r 11659" to revert their django source tree to the latest working revision.

The fix for PageAdmin is to use the new django.utils.decorators.method_decorator when setting up reversion's create_on_success decorator. See:
Enabling the CSRF Middleware breaks the following on the admin site:
- Published/In Navigation Checkboxes
- Cut/Paste (moving pages)
- Drag and drop (moving pages)
Because these post to the server, they need to include a token from the CSRF Middleware (if it is enabled). If they do not, the result is a 403 Forbidden.
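
The requirement described in the issue above, sketched as an added example (not code from django-cms or from anyone in this thread): a helper that copies the CSRF token from the cookie into the POST body, and refuses to do so for another origin. It assumes Django's default cookie name `csrftoken` and field name `csrfmiddlewaretoken`; the function names, URL, origin and cookie values are hypothetical.

```javascript
// Added example: attach Django's CSRF token to an admin POST body.
// Assumed defaults: cookie "csrftoken", form field "csrfmiddlewaretoken".
const CSRF_COOKIE = "csrftoken";
const CSRF_FIELD = "csrfmiddlewaretoken";

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Only same-origin targets may receive the token; sending it elsewhere leaks it.
function isSameOrigin(target, pageOrigin) {
  try {
    return new URL(target, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false;
  }
}

// Return the form-encoded body with the token added, or throw when unsafe.
function withCsrfToken(fields, target, pageOrigin, cookieString) {
  if (!isSameOrigin(target, pageOrigin)) {
    throw new Error("refusing to send CSRF token to another origin: " + target);
  }
  const token = readCookie(cookieString, CSRF_COOKIE);
  if (!token) {
    throw new Error("no " + CSRF_COOKIE + " cookie; the POST would get a 403");
  }
  const body = new URLSearchParams(fields);
  body.set(CSRF_FIELD, token);
  return body.toString();
}

// Constructed sample: a checkbox toggle posted from the admin page.
const sampleCookies = "sessionid=abc123; csrftoken=Zm9vYmFy";
const sampleBody = withCsrfToken(
  { published: "1" }, "/admin/example/toggle/",   // hypothetical URL
  "https://cms.example", sampleCookies);
console.log(sampleBody);
```

In a browser the last argument would be `document.cookie` and the page origin `window.location.origin`.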