On Tue, May 13, 2014 at 4:36 PM, hinnack <henrik.gens...@miadi.net> wrote:
>
> Am Dienstag, 13. Mai 2014 16:48:57 UTC+2 schrieb Tom Evans:
>>
>> On Tue, May 13, 2014 at 2:49 PM, hinnack <henrik....@miadi.net> wrote:
>> > Hi,
>> >
>> > how can I turn off csrf completely - even in the admin interface?
>> >
>> > My base problem is, that with IE11 (and only IE11) I can not save any
>> > form
>> > in the admin interface. I always get:
>> >
>> > CSRF verification failed. Request aborted
>>
>> That message comes from django.views.csrf.csrf_failure. This view is
>> only called from the csrf middleware..
>>
>> >
>> >
>> > I have no csrf middleware set. What else must be done?
>> >
>>
>> ... which suggests this is not true - re-check that you have actually
>> removed it, go to a django shell, type these commands:
>>
>> from django.conf import settings
>> settings.MIDDLEWARE_CLASSES
>>
>> is CsrfViewMiddleware listed there? If it isn't, have you tried
>> turning it off and then on again?
>>
>> Cheers
>>
>> Tom
>
>
> Thanks Tom,
>
> but I definitely did that - here is the result:
> ('django.middleware.common.CommonMiddleware',
> 'django.contrib.sessions.middleware.SessionMiddleware',
> 'schiwago.middleware.header.ResponseInjectHeader',
> 'schiwago.middleware.auth.BasicAuthMiddleware',
> 'django.contrib.messages.middleware.MessageMiddleware',
> 'django.middleware.transaction.TransactionMiddleware')
>
Well, look:
The message you report comes from the csrf failure view:
https://github.com/django/django/blob/stable/1.6.x/django/views/csrf.py#L34
The csrf failure view is only invoked from one place, the csrf middleware:
https://github.com/django/django/blob/stable/1.6.x/django/middleware/csrf.py#L94
> What do you mean by turn on/off again? Enable the CsrfViewMiddleware again?
Sorry, this was a bad joke from a UK TV show, "The IT Crowd", they
first question they ask is "have you tried turning it off and then on
again".
I was referring to the server itself - have you restarted the server
since making the change. Making the change in the settings.py would
have it reflected in a new django shell, but not in an already running
webserver.
Cheers
Tom
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CAFHbX1KrvFJnOmodqYgibEuiqwkgLJG9iRkfi1pTVsK2E9kJsw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
