On Wed, Aug 18, 2010 at 2:20 PM, PieterB <pieter.ba...@gmail.com> wrote:
> No I did not.
> I've only modified (created) an admin.py for each app in the project.
>
> Maybe this is also important: we use a proxy, maybe it's something
> with the cache?
> What can cause csrf verification to go crazy?

Depends on the operation of your proxy cache. If it's not handling
cookies correctly, then this could be the source of your problem.

At its core, the CSRF process is simple. You visit a view. Your
browser gets a CSRF cookie set. You submit a form. That form
submission must provide the CSRF token as a form element. If the csrf
token on the submitted form does not exist, or doesn't match the
cookie, the form submission is rejected as a CSRF failure.

There are really only three things that can go wrong in the CSRF process:

 * The cookie wasn't set when the form was originally requested
 * The cookie isn't submitted along with the POST request
 * The form data doesn't contain the CSRF token.

As I've said in other threads recently, we (the Django core team) take
backwards compatibility *very* seriously. We are not aware of any
backwards compatibility problems in Django 1.2, caused by the CSRF
framework or otherwise. We believe the release notes document all the
possible problems you may encounter as part of the upgrading process.

If you can provide any evidence to the contrary, we would consider it
a major flaw, and it would almost certainly stimulate a point release
to correct the problem.

Yours,
Russ Magee %-)
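
Added example, not part of the message above and not Django's own code: a check that takes one captured GET/POST pair, as seen on the application-server side of the proxy, and reports which of the three failure causes listed in the reply applies. It assumes Django's default names (`csrftoken` cookie, `csrfmiddlewaretoken` field), a first visit with no existing cookie, and the direct cookie-to-form comparison the reply describes; the sample headers are constructed.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

COOKIE_NAME = "csrftoken"            # Django's default CSRF cookie name
FIELD_NAME = "csrfmiddlewaretoken"   # Django's default hidden form field

# Constructed sample: the proxy served the form from cache without Set-Cookie,
# so the browser had no cookie to send back with the POST.
SAMPLE_GET = [("Content-Type", "text/html"), ("X-Cache", "HIT")]
SAMPLE_POST = [("Content-Type", "application/x-www-form-urlencoded")]
SAMPLE_BODY = "csrfmiddlewaretoken=abc123&name=test"


def _cookies(headers, header_name):
    """Collect all cookies carried by the named header (case-insensitive)."""
    jar = SimpleCookie()
    for name, value in headers:
        if name.lower() == header_name:
            jar.load(value)
    return jar


def diagnose_csrf(get_response_headers, post_request_headers, post_body):
    """Return the CSRF failure causes found in one captured GET/POST pair.

    Headers are lists of (name, value) tuples; post_body is the urlencoded form.
    An empty list means the exchange would pass the check described above.
    """
    problems = []
    # 1. Was the cookie set when the form was originally requested?
    if COOKIE_NAME not in _cookies(get_response_headers, "set-cookie"):
        problems.append("cookie not set on GET")
    # 2. Was the cookie submitted along with the POST request?
    sent = _cookies(post_request_headers, "cookie")
    cookie_token = sent[COOKIE_NAME].value if COOKIE_NAME in sent else None
    if cookie_token is None:
        problems.append("cookie not sent with POST")
    # 3. Does the form data contain the token, and does it match the cookie?
    form_token = parse_qs(post_body).get(FIELD_NAME, [None])[0]
    if form_token is None:
        problems.append("token missing from form data")
    elif cookie_token is not None and not hmac.compare_digest(form_token, cookie_token):
        problems.append("form token does not match cookie")
    return problems
```

Comparing the result for a request sent through the proxy with one sent directly to the application server shows whether the proxy is the component dropping the cookie.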
