On Tue, May 13, 2014 at 4:36 PM, hinnack <[email protected]> wrote: > > Am Dienstag, 13. Mai 2014 16:48:57 UTC+2 schrieb Tom Evans: >> >> On Tue, May 13, 2014 at 2:49 PM, hinnack <[email protected]> wrote: >> > Hi, >> > >> > how can I turn off csrf completely - even in the admin interface? >> > >> > My base problem is, that with IE11 (and only IE11) I can not save any >> > form >> > in the admin interface. I always get: >> > >> > CSRF verification failed. Request aborted >> >> That message comes from django.views.csrf.csrf_failure. This view is >> only called from the csrf middleware.. >> >> > >> > >> > I have no csrf middleware set. What else must be done? >> > >> >> ... which suggests this is not true - re-check that you have actually >> removed it, go to a django shell, type these commands: >> >> from django.conf import settings >> settings.MIDDLEWARE_CLASSES >> >> is CsrfViewMiddleware listed there? If it isn't, have you tried >> turning it off and then on again? >> >> Cheers >> >> Tom > > > Thanks Tom, > > but I definitely did that - here is the result: > ('django.middleware.common.CommonMiddleware', > 'django.contrib.sessions.middleware.SessionMiddleware', > 'schiwago.middleware.header.ResponseInjectHeader', > 'schiwago.middleware.auth.BasicAuthMiddleware', > 'django.contrib.messages.middleware.MessageMiddleware', > 'django.middleware.transaction.TransactionMiddleware') >
Well, look: The message you report comes from the csrf failure view: https://github.com/django/django/blob/stable/1.6.x/django/views/csrf.py#L34 The csrf failure view is only invoked from one place, the csrf middleware: https://github.com/django/django/blob/stable/1.6.x/django/middleware/csrf.py#L94 > What do you mean by turn on/off again? Enable the CsrfViewMiddleware again? Sorry, this was a bad joke from a UK TV show, "The IT Crowd", they first question they ask is "have you tried turning it off and then on again". I was referring to the server itself - have you restarted the server since making the change. Making the change in the settings.py would have it reflected in a new django shell, but not in an already running webserver. Cheers Tom -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFHbX1KrvFJnOmodqYgibEuiqwkgLJG9iRkfi1pTVsK2E9kJsw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
