#34953: CSRF verification fails even with CSRF middleware commented out
----------------------------------------+------------------------
Reporter: Fabio Araujo | Owner: nobody
Type: Bug | Status: new
Component: CSRF | Version: 4.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
----------------------------------------+------------------------
I'm running Django 4.2.5 in a development environment and the CSRF
middleware is not behaving as expected.
First, it was raising CSRF verification fail even when I knew the requests
were being made from my own application. This happens inconsistently.
Sometimes just by refreshing the page it works.
So I set the CSRF_TRUSTED_ORIGINS to try to get it working. It still
behave the same way, sometimes throwing the exception and sometimes not,
for the same views.
The next thing I tried was to completely bypass the CSRF verification by
commenting out the `django.middleware.csrf.CsrfViewMiddleware`. To my
profound astonishment, it still raises the error even though I thought it
should never even check the CSRF token in the first place.
--
Ticket URL: <https://code.djangoproject.com/ticket/34953>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018baab67d53-9485b850-372e-41ff-8885-85041b3094ec-000000%40eu-central-1.amazonses.com.
