#24389: CSRF error page requires DjangoTemplates backend
---------------------------------+--------------------------------------
Reporter: uranusjr | Owner: nobody
Type: Bug | Status: new
Component: Template system | Version: 1.8alpha1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+--------------------------------------
Changes (by uranusjr):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Old description:
> When a CSRF error is raised in debug mode, the technical page require
> DjangoTemplates to be rendered. If you have your TEMPLATES setting
> configured without a DjangoTemplates entry, you will instead get a
> ImproperlyConfigured: No DjangoTemplates backend is configured. error.
> This can be resolved if you add a DjangoTemplates entry to the TEMPLATES
> setting, but since the many error pages (500, 404, etc.) work without
> DjangoTemplates, this one probably should, too.
>
> To reproduce:
>
> 1. Create a new project.
>
> 2. Change the TEMPLATES setting to ''not'' include a DjangoTemplates
> entry, e.g.
>
> {{{
> TEMPLATES = [
> {
> 'BACKEND': 'django.template.backends.jinja2.Jinja2',
> 'DIRS': [],
> 'APP_DIRS': True,
> 'OPTIONS': {
> },
> },
> ]
> }}}
>
> 3. Create a view, and send a POST request to it in the browser, without
> the CSRF token.
New description:
When a CSRF error is raised in debug mode, the technical page require
DjangoTemplates to be rendered. If you have your TEMPLATES setting
configured without a DjangoTemplates entry, you will instead get an
''ImproperlyConfigured: No DjangoTemplates backend is configured.'' error.
This can be resolved if you add a DjangoTemplates entry to the TEMPLATES
setting, but since many error pages (500, 404, etc.) work without
DjangoTemplates, this one probably should, too.
To reproduce:
1. Create a new project.
2. Change the TEMPLATES setting to ''not'' include a DjangoTemplates
entry, e.g.
{{{
TEMPLATES = [
{
'BACKEND': 'django.template.backends.jinja2.Jinja2',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
},
},
]
}}}
3. Create a view, and send a POST request to it in the browser, without
the CSRF token.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/24389#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.1a82294cbf5cc6e8272fb94f06a5e760%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
