tags:

views:

270

answers:

3
+1  Q: 

django: after upgrade to 1.2 CSRF raises 403 though I don't have CSRF protection enabled

I have just upgraded to Django 1.2 and I am trying to run my project. After I login I get 

Forbidden (403)
CSRF verification failed. Request aborted.

which is strange because I haven't enabled CSRF protection previously. Do I have to configure something else to have my project work?

A: 

http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#upgrading-notes

Daniel Roseman  2010-06-07 12:03:09
I have read this doc first :-) `If you do not have any of the middleware in your MIDDLEWARE_CLASSES, you will have a working installation but without any CSRF protection for your views (just as you had before).` I don't have any middleware enabled, but I get 403 anyway.
gruszczy  2010-06-07 12:08:22
+1  A: 

It seems, that CSRF protection is on for contrib.admin views, which I use for login. This is why I get 403.

gruszczy  2010-06-07 12:45:49
+2  A: 

Yep, that's because you use contrib.admin view for login with a custom template. You should add csrf_token to your login template.

DataGreed  2010-07-08 17:12:34

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django