#34953: CSRF verification fails even with CSRF middleware commented out
----------------------------------------+------------------------
Reporter: Fabio Araujo | Owner: nobody
Type: Bug | Status: new
Component: CSRF | Version: 4.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
----------------------------------------+------------------------
I'm running Django 4.2.5 in a development environment and the CSRF
middleware is not behaving as expected.
First, it was raising CSRF verification fail even when I knew the requests
were being made from my own application. This happens inconsistently.
Sometimes just by refreshing the page it works.
So I set the CSRF_TRUSTED_ORIGINS to try to get it working. It still
behave the same way, sometimes throwing the exception and sometimes not,
for the same views.
The next thing I tried was to completely bypass the CSRF verification by
commenting out the `django.middleware.csrf.CsrfViewMiddleware`. To my
profound astonishment, it still raises the error even though I thought it
should never even check the CSRF token in the first place.
--
Ticket URL: <https://code.djangoproject.com/ticket/34953>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018baab67d53-9485b850-372e-41ff-8885-85041b3094ec-000000%40eu-central-1.amazonses.com.
