Am Mittwoch, 14. Mai 2014 14:39:27 UTC+2 schrieb hinnack: > Am Dienstag, 13. Mai 2014 19:15:27 UTC+2 schrieb Tom Evans: > >> On Tue, May 13, 2014 at 4:36 PM, hinnack <[email protected]> wrote: >> > >> > Am Dienstag, 13. Mai 2014 16:48:57 UTC+2 schrieb Tom Evans: >> >> >> >> On Tue, May 13, 2014 at 2:49 PM, hinnack <[email protected]> >> wrote: >> >> > Hi, >> >> > >> >> > how can I turn off csrf completely - even in the admin interface? >> >> > >> >> > My base problem is, that with IE11 (and only IE11) I can not save >> any >> >> > form >> >> > in the admin interface. I always get: >> >> > >> >> > CSRF verification failed. Request aborted >> >> >> >> That message comes from django.views.csrf.csrf_failure. This view is >> >> only called from the csrf middleware.. >> >> >> >> > >> >> > >> >> > I have no csrf middleware set. What else must be done? >> >> > >> >> >> >> ... which suggests this is not true - re-check that you have actually >> >> removed it, go to a django shell, type these commands: >> >> >> >> from django.conf import settings >> >> settings.MIDDLEWARE_CLASSES >> >> >> >> is CsrfViewMiddleware listed there? If it isn't, have you tried >> >> turning it off and then on again? >> >> >> >> Cheers >> >> >> >> Tom >> > >> > >> > Thanks Tom, >> > >> > but I definitely did that - here is the result: >> > ('django.middleware.common.CommonMiddleware', >> > 'django.contrib.sessions.middleware.SessionMiddleware', >> > 'schiwago.middleware.header.ResponseInjectHeader', >> > 'schiwago.middleware.auth.BasicAuthMiddleware', >> > 'django.contrib.messages.middleware.MessageMiddleware', >> > 'django.middleware.transaction.TransactionMiddleware') >> > >> >> Well, look: >> >> The message you report comes from the csrf failure view: >> >> >> https://github.com/django/django/blob/stable/1.6.x/django/views/csrf.py#L34 >> >> The csrf failure view is only invoked from one place, the csrf >> middleware: >> >> >> https://github.com/django/django/blob/stable/1.6.x/django/middleware/csrf.py#L94 >> >> >> >> > What do you mean by turn on/off again? Enable the CsrfViewMiddleware >> again? >> >> Sorry, this was a bad joke from a UK TV show, "The IT Crowd", they >> first question they ask is "have you tried turning it off and then on >> again". >> >> I was referring to the server itself - have you restarted the server >> since making the change. Making the change in the settings.py would >> have it reflected in a new django shell, but not in an already running >> webserver. >> >> Cheers >> >> Tom >> > > :-) > > I think, you can not deactivate csrf in the admin interface anymore… > It is used somewhere as a decorator as make_middleware_decorator is called > for it… > > Is this the expected behavior? Or is there a setting I overlooked? > > regards, > Hinnack >
OK doing: setattr(request, '_dont_enforce_csrf_checks', True) in a middleware does the trick. the question remains: Is this expected? Or should the absence of the crsf middleware do set this anyway? or should there be a setting anyway? regards, Hinnack -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2271592c-fcd7-4e03-90f9-1691dde3f347%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
