#32329: CSRF failure incorrectly reported on upload when there is a problem with
storage
--------------------------------------+------------------------------------
Reporter: IO | Owner: nobody
Type: Bug | Status: new
Component: File uploads/storage | Version: 3.1
Severity: Normal | Resolution:
Keywords: uploads csrf admin | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Tim Graham):
* stage: Unreviewed => Accepted
Comment:
I think the "problem with storage" is that `TemporaryUploadedFile` fails
silently if `FILE_UPLOAD_TEMP_DIR` doesn't exist. That may merit a
separate ticket to add a system check or a more helpful exception if
possible.
I could reproduce this except for "Scenario 3. remove whole media
directory - error reported for all file uploads".
`FileSystemStorage._save()` creates the (`media`) directory if needed so
when `MemoryFileUploadHandler` was used, there was no problem. The problem
seems limited to when `TemporaryFileUploadHandler` is used but
`FILE_UPLOAD_TEMP_DIR` doesn't exist.
I didn't track down exactly why the CSRF error happens or if it can be
fixed, but I'll accept the ticket for investigation.
--
Ticket URL: <https://code.djangoproject.com/ticket/32329#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/061.cde80d69c15c6f7c96f46eef4e5c33d8%40djangoproject.com.
