Hey, I noticed in the recent profile work that the CSRF middleware has been enabled globally
http://github.com/GeoNode/geonode/commit/6316a68687c3c5b17776c83e0126eddbd432f99a I think currently this is breaking almost everything that does a POST since we have not enabled this in the past and do not have tokens present in forms (especially ones generated by javascript...). It seems like a generally good thing to have enabled imo, but is this something we want enabled for all views? If so, we need do a more careful sweep for things doing POSTs. If not, we should use the csrf_protect decorator in the places where it is specifically necessary. - Luke
