Hi there,

Ran into some unexpected CSRF behavior - not sure if it's desired or a bug. An AJAX request that includes the "X-Requested-With: XMLHttpRequest" header but does not include a CSRF token will bypass the CSRF middleware.

If you hit a server error (mine was a TypeError), the response has error code 500, as expected. But, if Debug=True, the content of the error message is 403 Forbidden content - thus no information about where the error originated - and the response code is still 500.

I couldn't find any documentation or discussion about why this would be desired. Is it a bug?

Thanks,
Brett
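
The check described in the message above, as a simplified model next to a stricter variant. This is an added example, not part of the original post and not Django's middleware code; the function names, the `X-CSRFToken` header, the `csrftoken` cookie, the `csrfmiddlewaretoken` field and the sample requests are assumptions made for illustration.

```python
import hmac

AJAX_HEADER = "X-Requested-With"
TOKEN_HEADER = "X-CSRFToken"          # assumed header carrying the token on AJAX calls
TOKEN_FIELD = "csrfmiddlewaretoken"   # assumed form field carrying the token
TOKEN_COOKIE = "csrftoken"            # assumed cookie holding the expected token


def tokens_match(expected, supplied):
    """Constant-time comparison; a missing or empty value never matches."""
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


def check_with_ajax_exemption(headers, cookies, form):
    """Models the reported behaviour: the AJAX header alone skips the token check."""
    if headers.get(AJAX_HEADER) == "XMLHttpRequest":
        return True
    return tokens_match(cookies.get(TOKEN_COOKIE), form.get(TOKEN_FIELD))


def check_strict(headers, cookies, form):
    """Stricter variant: every request must carry the token, AJAX or not."""
    supplied = form.get(TOKEN_FIELD) or headers.get(TOKEN_HEADER)
    return tokens_match(cookies.get(TOKEN_COOKIE), supplied)


# Constructed sample requests (headers only; the token value is made up).
COOKIES = {TOKEN_COOKIE: "constructed-sample-token"}
AJAX_NO_TOKEN = {AJAX_HEADER: "XMLHttpRequest"}
AJAX_WITH_TOKEN = {AJAX_HEADER: "XMLHttpRequest",
                   TOKEN_HEADER: "constructed-sample-token"}


def demo():
    """Return the verdict of each check for the constructed requests."""
    return {
        "exemption, AJAX without token": check_with_ajax_exemption(AJAX_NO_TOKEN, COOKIES, {}),
        "strict, AJAX without token": check_strict(AJAX_NO_TOKEN, COOKIES, {}),
        "strict, AJAX with token": check_strict(AJAX_WITH_TOKEN, COOKIES, {}),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

In the strict variant the `X-Requested-With` header plays no part in the decision, so a request is accepted only when the supplied token matches the cookie.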

