KeyError: 'CSRF_COOKIE' #455

Open
amureki opened this issue Jun 7, 2022 · 1 comment
amureki commented Jun 7, 2022

Greetings!

We have a pretty standard django-hijack setup and most of the time it just works.
However, we are noticing in Sentry a flaky hijack issue:

KeyError: 'CSRF_COOKIE'
  File "django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "django/utils/deprecation.py", line 136, in __call__
    response = self.process_response(request, response)
  File "hijack/middleware.py", line 47, in process_response
    {"request": request, "csrf_token": request.META["CSRF_COOKIE"]},

So, the library is trying to access the CSRF cookie from request.META, but it is not available in the given <WSGIRequest: GET '/'> instance.

hijack.middleware.HijackUserMiddleware is placed after the CSRF one:

MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    ...
    "hijack.middleware.HijackUserMiddleware",
]

Sadly, I am still not able to reproduce it. I can only suspect that on certain pages, when we are redirecting after hijacking, there is no CSRF token set from the template. Do you have any ideas on this, maybe hints?

I am happy to prepare a patch here or will wait for your solution.

Best,
Rust

@codingjoe codingjoe self-assigned this Jun 8, 2022
@codingjoe codingjoe added the bug label Jun 8, 2022
@codingjoe

Thanks @amureki. I think I did produce this error once, but I'd need some time to figure out how.

If you have an idea for a patch, shoot. However, I'd be interested to know why there isn't a CSRF token.
