Re: CSRF gone haywire
2009/11/27 Tim Valenta : > Also, I've figured out just now while rereading the reply I got, that > "AFAIK" must mean "as far as I know". Please... can we not use > ridiculous short forms for a language that works better when not > profusely abbreviated? That would have been a hundred times harder to > figure out if I were a not a native speaker of English. I can handle > a few of those, like IMHO, but I can't say that I've come across > "AFAIK" often enough to compute that in record time. > You must be joking :) -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: CSRF gone haywire
Okay... so here's the problem. I've been using a template override for change_form.html to always check the object-tools block and add things in there. I tried to be more modular about it, but it never seemed to work out quite right. So I'm overriding the entire template on my own, and I must have copied the template from admin-ui (where, as pointed out, and as I knew already, admin-ui doesn't implement the CSRF system). Consequently, my overridden template was working great, until I got off of the admin-ui branch. Everything started failing like crazy :) Lesson to be learned: Don't accidentally copy a template from a branch. Also, I've figured out just now while rereading the reply I got, that "AFAIK" must mean "as far as I know". Please... can we not use ridiculous short forms for a language that works better when not profusely abbreviated? That would have been a hundred times harder to figure out if I were a not a native speaker of English. I can handle a few of those, like IMHO, but I can't say that I've come across "AFAIK" often enough to compute that in record time. Tim On Nov 27, 10:22 am, Tim Valenta wrote: > > AFAIK admin uses CSRF by default in SVN version. > > I'm sorry, but I have no idea what that means. What is "AFAIK"? > > I've read that page you've linked to, and I fail to see what I've done > wrong (since I didn't explicitly *do* anything). > > Tim > > On Nov 27, 10:18 am, rebus_ wrote: > > > > > 2009/11/27 Tim Valenta : > > > > Has anybody else experienced a senseless failure of the dev trunk's > > > CSRF verification? Very suddenly this morning, Django won't let me > > > change anything in my admin sites. I didn't update my copy of the SVN > > > trunk, but as soon as I took myself off of the admin-ui branch, it > > > flipped out. > > > > Step by step, all I did was move my copy of the main trunk to > > > "_django" instead of "django". I then uncompressed the admin-ui > > > branch to "django" as a replacement. All was well. There are some > > > broken "Add new item" links in that branch, and I got sick of it not > > > working. So I moved my admin-ui trunk to "admin-ui" for safekeeping, > > > and then put back my original copy of the main trunk. > > > > Everything seemed right and good in the world, but for some reason the > > > changelist view wouldn't show any items in its list. Every model > > > suffered from the lack of display. It was weird. It showed a correct > > > total number of items that *should* have been in the list, but no > > > items were present. The HTML was literally not there. > > > > And when I jump directly to a changeform page via the id I knew I was > > > working with, the page would should up, but saving the model keeps > > > triggering the CSRF error response. I don't think the CSRF token is > > > being rendered in the changeform. > > > > Has anybody else experienced this? I seriously haven't touched my > > > copy of the main trunk between my little adventure with the admin-ui > > > branch. For good measure, I updated the repository just now, and it > > > didn't fix it. I removed all of the .pyc files in the Django > > > directory and my project home. > > > > I'm just totally at a loss for what happened. I've dropped the > > > database and rebuilt it... no luck. I'm ready to swear that I didn't > > > change anything at all, and I don't use the CSRF system explicitly, so > > > it's not like I've got bad imports. > > > > Any help? > > > AFAIK admin uses CSRF by default in SVN version. > > >http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: CSRF gone haywire
> AFAIK admin uses CSRF by default in SVN version. I'm sorry, but I have no idea what that means. What is "AFAIK"? I've read that page you've linked to, and I fail to see what I've done wrong (since I didn't explicitly *do* anything). Tim On Nov 27, 10:18 am, rebus_ wrote: > 2009/11/27 Tim Valenta : > > > > > > > Has anybody else experienced a senseless failure of the dev trunk's > > CSRF verification? Very suddenly this morning, Django won't let me > > change anything in my admin sites. I didn't update my copy of the SVN > > trunk, but as soon as I took myself off of the admin-ui branch, it > > flipped out. > > > Step by step, all I did was move my copy of the main trunk to > > "_django" instead of "django". I then uncompressed the admin-ui > > branch to "django" as a replacement. All was well. There are some > > broken "Add new item" links in that branch, and I got sick of it not > > working. So I moved my admin-ui trunk to "admin-ui" for safekeeping, > > and then put back my original copy of the main trunk. > > > Everything seemed right and good in the world, but for some reason the > > changelist view wouldn't show any items in its list. Every model > > suffered from the lack of display. It was weird. It showed a correct > > total number of items that *should* have been in the list, but no > > items were present. The HTML was literally not there. > > > And when I jump directly to a changeform page via the id I knew I was > > working with, the page would should up, but saving the model keeps > > triggering the CSRF error response. I don't think the CSRF token is > > being rendered in the changeform. > > > Has anybody else experienced this? I seriously haven't touched my > > copy of the main trunk between my little adventure with the admin-ui > > branch. For good measure, I updated the repository just now, and it > > didn't fix it. I removed all of the .pyc files in the Django > > directory and my project home. > > > I'm just totally at a loss for what happened. I've dropped the > > database and rebuilt it... no luck. I'm ready to swear that I didn't > > change anything at all, and I don't use the CSRF system explicitly, so > > it's not like I've got bad imports. > > > Any help? > > AFAIK admin uses CSRF by default in SVN version. > > http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: CSRF gone haywire
2009/11/27 Tim Valenta : > Has anybody else experienced a senseless failure of the dev trunk's > CSRF verification? Very suddenly this morning, Django won't let me > change anything in my admin sites. I didn't update my copy of the SVN > trunk, but as soon as I took myself off of the admin-ui branch, it > flipped out. > > Step by step, all I did was move my copy of the main trunk to > "_django" instead of "django". I then uncompressed the admin-ui > branch to "django" as a replacement. All was well. There are some > broken "Add new item" links in that branch, and I got sick of it not > working. So I moved my admin-ui trunk to "admin-ui" for safekeeping, > and then put back my original copy of the main trunk. > > Everything seemed right and good in the world, but for some reason the > changelist view wouldn't show any items in its list. Every model > suffered from the lack of display. It was weird. It showed a correct > total number of items that *should* have been in the list, but no > items were present. The HTML was literally not there. > > And when I jump directly to a changeform page via the id I knew I was > working with, the page would should up, but saving the model keeps > triggering the CSRF error response. I don't think the CSRF token is > being rendered in the changeform. > > Has anybody else experienced this? I seriously haven't touched my > copy of the main trunk between my little adventure with the admin-ui > branch. For good measure, I updated the repository just now, and it > didn't fix it. I removed all of the .pyc files in the Django > directory and my project home. > > I'm just totally at a loss for what happened. I've dropped the > database and rebuilt it... no luck. I'm ready to swear that I didn't > change anything at all, and I don't use the CSRF system explicitly, so > it's not like I've got bad imports. > > Any help? > AFAIK admin uses CSRF by default in SVN version. http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.