#34953: CSRF verification fails even with CSRF middleware commented out ----------------------------------------+------------------------ Reporter: Fabio Araujo | Owner: nobody Type: Bug | Status: new Component: CSRF | Version: 4.2 Severity: Normal | Keywords: Triage Stage: Unreviewed | Has patch: 0 Needs documentation: 0 | Needs tests: 0 Patch needs improvement: 0 | Easy pickings: 0 UI/UX: 0 | ----------------------------------------+------------------------ I'm running Django 4.2.5 in a development environment and the CSRF middleware is not behaving as expected.
First, it was raising CSRF verification fail even when I knew the requests were being made from my own application. This happens inconsistently. Sometimes just by refreshing the page it works. So I set the CSRF_TRUSTED_ORIGINS to try to get it working. It still behave the same way, sometimes throwing the exception and sometimes not, for the same views. The next thing I tried was to completely bypass the CSRF verification by commenting out the `django.middleware.csrf.CsrfViewMiddleware`. To my profound astonishment, it still raises the error even though I thought it should never even check the CSRF token in the first place. -- Ticket URL: <https://code.djangoproject.com/ticket/34953> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/0107018baab67d53-9485b850-372e-41ff-8885-85041b3094ec-000000%40eu-central-1.amazonses.com.