On 13 Apr 2011, at 6:27 PM, Doug Hall - iKenga Ltd wrote:
> I'm getting "POST http://XXXXXXX/messages/view/48B9E3BB832D.A26ED/ 403
> (FORBIDDEN)" in my console.

The CSRF protection changes that were introduced in Django are not backwards compatible. If you are still using Django 1.1.1, then you need to download this
https://github.com/akissa/baruwa/blob/v1.0.1/src/baruwa/static/js/ajax-csrf-tokenize-1.1.js
and replace your static/js/ajax-csrf-tokenize.js.

The explanation can be found here:
http://www.djangoproject.com/weblog/2011/feb/08/security/
http://www.djangoproject.com/weblog/2011/feb/10/security-errata/

- Andrew

--
Baruwa - www.baruwa.org

