On Wed, Aug 18, 2010 at 2:20 PM, PieterB <pieter.ba...@gmail.com> wrote: > No I did not. > I've only a modified (created) admin.py for each app in the project. > > Maybe this is also important: we use a proxy, maybe it's something > with the cache? > What can cause csrf verification to go crazy?
Depends on the operation of your proxy cache. If it's not handling cookies correctly, then this could be the source of your problem. At it's core, the CSRF process is simple. You visit a view. Your browser gets a CSRF cookie set. You submit a form. That form submission must provide the CSRF token as a form element. If the csrf token on the submitted form does not exist, or doesn't match the cookie, the form submission is rejected as a CSRF failure. There are really only three things that can go wrong in the CSRF process: * The cookie wasn't set when the form was originally requested * The cookie isn't submitted along with the POST request * The form data doesn't contain the CSRF token. As I've said in other threads recently, we (the Django core team) take backwards compatibility *very* seriously. We are not aware of any backwards compatibility problems in Django 1.2, caused by the CSRF framework or otherwise. We believe the release notes document all the possible problems you may encounter as part of the upgrading process. If you can provide any evidence to the contrary, we would consider it a major flaw, and it would almost certainly simulate a point release to correct the problem. Yours, Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
