#32329: CSRF failure incorrectly reported when there is a problem
-------------------------------------+-------------------------------------
               Reporter:  IO5        |          Owner:  nobody
                   Type:             |         Status:  new
  Uncategorized                      |
              Component:  File       |        Version:  3.1
  uploads/storage                    |
               Severity:  Normal     |       Keywords:  uploads csrf admin
           Triage Stage:             |      Has patch:  0
  Unreviewed                         |
    Needs documentation:  0          |    Needs tests:  0
Patch needs improvement:  0          |  Easy pickings:  0
                  UI/UX:  0          |
-------------------------------------+-------------------------------------
 Minimal reproduction app is in the attachment, although the only changes
 from the default template are:

 csrfbug/settings.py:
 {{{
 MEDIA_URL = '/media/'
 MEDIA_ROOT = 'media/'
 FILE_UPLOAD_MAX_MEMORY_SIZE = 1024 * 1024
 FILE_UPLOAD_TEMP_DIR = MEDIA_ROOT + 'tmp'
 }}}

 app/models.py
 {{{
 class File(models.Model):
     file = models.FileField()
 }}}

 app/admin.py
 {{{
 from .models import File
 admin.site.register(File)
 }}}
 == Required setup for the attached app:
 {{{
 python manage.py migrate
 python manage.py createsuperuser
 }}}

 == Steps to reproduce
 1) runserver
 2) navigate and log in to /admin/
 3) navigate to /admin/app/file/add/

 Scenario 1. default state - file uploads work as expected
 Scenario 2. remove media/tmp directory - file uploads work only for files
 that fit in FILE_UPLOAD_MAX_MEMORY_SIZE, error otherwise (see below)
 Scenario 3. remove whole media directory - error reported for all file
 uploads (see below)

 == Exact error message:
 Forbidden (403)
 CSRF verification failed. Request aborted.
 Reason given for failure: CSRF token missing or incorrect.

 == Expected behaviour:
 Filesystem error or similar reporting incorrect media storage setup.

 == Comment:
 Yes, the setup in this scenario is invalid to begin with, but the error
 message has nothing to do with the actual problem.
 I suspect a real problem with an underlying filesystem will also get
 covered in the same way.

--
Ticket URL: <https://code.djangoproject.com/ticket/32329>
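
A preflight check for the two directories the scenarios above depend on, as an added example that is not part of the ticket or of Django. `check_upload_dirs` and `ticket_scenarios` are hypothetical helpers using only the standard library, and the scratch directory layout is constructed to mirror scenarios 1 to 3, so a broken storage setup is reported as a storage problem before any upload reaches the admin.

```python
import os
import tempfile


def check_upload_dirs(media_root, upload_temp_dir):
    """Return a list of problems with the upload directories (empty list = OK).

    The arguments stand in for settings.MEDIA_ROOT and
    settings.FILE_UPLOAD_TEMP_DIR from the ticket's settings.py.
    """
    problems = []
    for name, path in (("MEDIA_ROOT", media_root),
                       ("FILE_UPLOAD_TEMP_DIR", upload_temp_dir)):
        if not os.path.isdir(path):
            problems.append(f"{name}: {path!r} is not an existing directory")
            continue
        try:
            # Probe by creating a real temporary file: an upload larger than
            # FILE_UPLOAD_MAX_MEMORY_SIZE has to be written to disk here.
            with tempfile.NamedTemporaryFile(dir=path):
                pass
        except OSError as exc:
            problems.append(f"{name}: cannot create files in {path!r} ({exc})")
    return problems


def ticket_scenarios():
    """Rebuild the ticket's three scenarios in a scratch directory (constructed)."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        media = os.path.join(base, "media")
        tmp = os.path.join(media, "tmp")
        os.makedirs(tmp)
        results[1] = check_upload_dirs(media, tmp)  # Scenario 1: default state
        os.rmdir(tmp)
        results[2] = check_upload_dirs(media, tmp)  # Scenario 2: media/tmp removed
        os.rmdir(media)
        results[3] = check_upload_dirs(media, tmp)  # Scenario 3: media removed
    return results


if __name__ == "__main__":
    for number, found in ticket_scenarios().items():
        print(f"Scenario {number}:", found or "ok")
```

Calling `check_upload_dirs` with the project's real setting values at deploy time or in a health check surfaces the misconfiguration directly instead of through the 403 page.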