On Tuesday, May 13, 2014 19:15:27 UTC+2, Tom Evans wrote:

> On Tue, May 13, 2014 at 4:36 PM, hinnack <henrik....@miadi.net> wrote:
> > 
> > On Tuesday, May 13, 2014 16:48:57 UTC+2, Tom Evans wrote:
> >> 
> >> On Tue, May 13, 2014 at 2:49 PM, hinnack <henrik....@miadi.net> wrote: 
> >> > Hi, 
> >> > 
> >> > how can I turn off csrf completely - even in the admin interface? 
> >> > 
> >> > My base problem is, that with IE11 (and only IE11) I can not save any form
> >> > in the admin interface. I always get:
> >> > 
> >> > CSRF verification failed. Request aborted 
> >> 
> >> That message comes from django.views.csrf.csrf_failure. This view is
> >> only called from the csrf middleware.
> >> 
> >> > 
> >> > 
> >> > I have no csrf middleware set. What else must be done? 
> >> > 
> >> 
> >> ... which suggests this is not true - re-check that you have actually 
> >> removed it, go to a django shell, type these commands: 
> >> 
> >>   from django.conf import settings 
> >>   settings.MIDDLEWARE_CLASSES 
> >> 
> >> is CsrfViewMiddleware listed there? If it isn't, have you tried 
> >> turning it off and then on again? 
> >> 
> >> Cheers 
> >> 
> >> Tom 
> > 
> > 
> > Thanks Tom, 
> > 
> > but I definitely did that - here is the result: 
> > ('django.middleware.common.CommonMiddleware', 
> > 'django.contrib.sessions.middleware.SessionMiddleware', 
> > 'schiwago.middleware.header.ResponseInjectHeader', 
> > 'schiwago.middleware.auth.BasicAuthMiddleware', 
> > 'django.contrib.messages.middleware.MessageMiddleware', 
> > 'django.middleware.transaction.TransactionMiddleware') 
> > 
>
> Well, look: 
>
> The message you report comes from the csrf failure view: 
>
> https://github.com/django/django/blob/stable/1.6.x/django/views/csrf.py#L34 
>
> The csrf failure view is only invoked from one place, the csrf middleware: 
>
>
> https://github.com/django/django/blob/stable/1.6.x/django/middleware/csrf.py#L94
>  
>
>
> > What do you mean by turn on/off again? Enable the CsrfViewMiddleware
> > again?
>
> Sorry, this was a bad joke from a UK TV show, "The IT Crowd", the
> first question they ask is "have you tried turning it off and then on
> again".
>
> I was referring to the server itself - have you restarted the server 
> since making the change. Making the change in the settings.py would 
> have it reflected in a new django shell, but not in an already running 
> webserver. 
>
> Cheers 
>
> Tom 
>

:-)

I think, you can not deactivate csrf in the admin interface anymore…
It is used somewhere as a decorator as make_middleware_decorator is called 
for it…

Is this the expected behavior? Or is there a setting I overlooked?

regards,
Hinnack
