Am Dienstag, 13. Mai 2014 19:15:27 UTC+2 schrieb Tom Evans: > On Tue, May 13, 2014 at 4:36 PM, hinnack <[email protected]<javascript:>> > wrote: > > > > Am Dienstag, 13. Mai 2014 16:48:57 UTC+2 schrieb Tom Evans: > >> > >> On Tue, May 13, 2014 at 2:49 PM, hinnack <[email protected]> wrote: > >> > Hi, > >> > > >> > how can I turn off csrf completely - even in the admin interface? > >> > > >> > My base problem is, that with IE11 (and only IE11) I can not save any > >> > form > >> > in the admin interface. I always get: > >> > > >> > CSRF verification failed. Request aborted > >> > >> That message comes from django.views.csrf.csrf_failure. This view is > >> only called from the csrf middleware.. > >> > >> > > >> > > >> > I have no csrf middleware set. What else must be done? > >> > > >> > >> ... which suggests this is not true - re-check that you have actually > >> removed it, go to a django shell, type these commands: > >> > >> from django.conf import settings > >> settings.MIDDLEWARE_CLASSES > >> > >> is CsrfViewMiddleware listed there? If it isn't, have you tried > >> turning it off and then on again? > >> > >> Cheers > >> > >> Tom > > > > > > Thanks Tom, > > > > but I definitely did that - here is the result: > > ('django.middleware.common.CommonMiddleware', > > 'django.contrib.sessions.middleware.SessionMiddleware', > > 'schiwago.middleware.header.ResponseInjectHeader', > > 'schiwago.middleware.auth.BasicAuthMiddleware', > > 'django.contrib.messages.middleware.MessageMiddleware', > > 'django.middleware.transaction.TransactionMiddleware') > > > > Well, look: > > The message you report comes from the csrf failure view: > > https://github.com/django/django/blob/stable/1.6.x/django/views/csrf.py#L34 > > The csrf failure view is only invoked from one place, the csrf middleware: > > > https://github.com/django/django/blob/stable/1.6.x/django/middleware/csrf.py#L94 > > > > > What do you mean by turn on/off again? Enable the CsrfViewMiddleware > again? > > Sorry, this was a bad joke from a UK TV show, "The IT Crowd", they > first question they ask is "have you tried turning it off and then on > again". > > I was referring to the server itself - have you restarted the server > since making the change. Making the change in the settings.py would > have it reflected in a new django shell, but not in an already running > webserver. > > Cheers > > Tom >
:-) I think, you can not deactivate csrf in the admin interface anymore… It is used somewhere as a decorator as make_middleware_decorator is called for it… Is this the expected behavior? Or is there a setting I overlooked? regards, Hinnack -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/50910172-895b-44ce-8a01-0fa4235872fe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
