Enabling CSRF Middleware breaks admin site #2

Closed
digi604 opened this issue Apr 17, 2009 · 6 comments

digi604 commented Apr 17, 2009

Enabling the CSRF Middleware breaks the following on the admin site:
- Published/In Navigation Checkboxes
- Cut/Paste (moving pages)
- Drag and drop (moving pages)

Because these post to the server, they need to include a token from the CSRF Middleware (if it is enabled). If they do not, the result is a 403 Forbidden.


digi604 commented Apr 23, 2009

This will be fixed when Django 1.1 lands.

@airstrike

From http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#upgrading-notes

"Note that contrib apps, such as the admin, have been updated to use the csrf_protect decorator, so that they are secured even if you do not add the CsrfViewMiddleware to your settings. However, if you have supplied customised templates to any of the view functions of contrib apps (whether explicitly via a keyword argument, or by overriding built-in templates), you MUST update them to include the csrf_token template tag as described above, or they will stop working. (If you cannot update these templates for some reason, you will be forced to use CsrfResponseMiddleware for these views to continue working)."


digi604 commented Nov 13, 2009

This is for Django 1.2?

@airstrike

Yes, this is for 1.2, the current trunk version.

```
python -c "import django; print django.VERSION"
(1, 2, 0, 'alpha', 0)
```


m000 commented Nov 19, 2009

Note that CSRF middleware has been enabled by default from trunk revision 11660 onwards. (At this moment the latest revision is 11752.)

I had problems with CSRF middleware when trying to edit a django-cms page. I got an error which reads:
'PageAdmin' object has no attribute 'COOKIES'

I checked and there are no problems with revision 11659 of django. So, until this is fixed in django-cms people can use "svn update -r 11659" to revert their django source tree to the latest working revision.

@fairview

The fix for PageAdmin is to use the new django.utils.decorators.method_decorator when setting up reversion's create_on_success decorator. See:

http://code.djangoproject.com/ticket/12804

http://docs.djangoproject.com/en/dev/releases/1.2/#user-passes-test-login-required-and-permission-required
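
Why a method-aware decorator resolves the `'PageAdmin' object has no attribute 'COOKIES'` error reported above, shown as an added example that is not part of the original thread or of django-cms. `FakeRequest`, `csrf_check`, `adapt_for_method` and `FixedPageAdmin` are hypothetical, simplified stand-ins (not Django's CSRF code or its real `method_decorator`), so the sketch runs without Django.

```python
import hmac
from functools import wraps

class FakeRequest:  # constructed stand-in, not Django's HttpRequest
    def __init__(self, cookies=None, post=None):
        self.COOKIES = cookies or {}
        self.POST = post or {}

def csrf_check(view):
    """Hypothetical function-view decorator: treats its first argument as the request."""
    @wraps(view)
    def wrapped(request, *args, **kwargs):
        cookie = request.COOKIES.get("csrftoken", "")
        token = request.POST.get("csrfmiddlewaretoken", "")
        if not cookie or not hmac.compare_digest(cookie, token):
            return 403  # same outcome as the 403 Forbidden described in the issue
        return view(request, *args, **kwargs)
    return wrapped

def adapt_for_method(decorator):
    """Simplified version of the idea behind method_decorator: bind self first,
    then hand the decorator a plain function whose first argument is the request."""
    def outer(method):
        @wraps(method)
        def wrapper(self, *args, **kwargs):
            def bound(*a, **kw):
                return method(self, *a, **kw)
            return decorator(bound)(*args, **kwargs)
        return wrapper
    return outer

class PageAdmin:
    @csrf_check  # applied directly to a method: "request" is really self
    def change_view(self, request):
        return 200

class FixedPageAdmin:
    @adapt_for_method(csrf_check)  # decorator now sees the real request
    def change_view(self, request):
        return 200

def broken_error():
    """Return the error raised when a function decorator wraps a method."""
    try:
        PageAdmin().change_view(FakeRequest())
    except AttributeError as exc:
        return str(exc)
```
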
