Here are the docs for the CSRF prevention system in Django, which is generating the error you're reporting. In this case disabling the CSRF system should be safe (the ajax_lookup API does not modify anything so cross-site requests should not be exploitable).
http://docs.djangoproject.com/en/1.2/ref/contrib/csrf/ -- David Winslow OpenGeo - http://opengeo.org/ On Mon, Mar 7, 2011 at 8:14 AM, Simone Dalmasso < [email protected]> wrote: > Hi, > this morning I tried with a new checkout and a new build. I've also created > a new clean database. but the CSRF error is still here, when I access the > page "data/upload" I see the ajax_lookup 403 error and I cannot upload any > data. In the page "maps/new" I get the same error if i try to save the map. > Is there anything else I can do? > > Thanks for your help. > > 2011/3/4 David Winslow <[email protected]> > > Well, I haven't seen that issue, but I did merge in some pretty extensive >> changes to the way permissions are set late yesterday. Perhaps you could >> join the IRC channel (#geonode on irc.freenode.net) and we could discuss >> further there. Meanwhile I will attempt to reproduce the behavior locally. >> >> -- >> David Winslow >> OpenGeo - http://opengeo.org/ >> >> >> On Fri, Mar 4, 2011 at 10:45 AM, Simone Dalmasso < >> [email protected]> wrote: >> >>> Thanks David, >>> I deployed a fresh checkout from the git repository and the problem is >>> solved. >>> However I still have an error that was already present in the 1.0 >>> version. While accessing to the "data/layername" URL, I get a "CSRF token >>> missing or incorrect" error, even if I'm logged in and I try to modify my >>> layers' permissions. >>> >>> Any suggestions? >>> >>> Thanks in advance >>> >>> Simone >>> >>> 2011/3/2 David Winslow <[email protected]> >>> >>> I don't see a reason for the error in the stack trace either. However, >>>> we are no longer using the path_extrapolate method on our master branch. >>>> There should be a new release of GeoNode coming out this week based on >>>> that >>>> branch so it will probably avoid this issue. >>>> >>>> -- >>>> David Winslow >>>> OpenGeo - http://opengeo.org/ >>>> >>>> >>>> On Wed, Mar 2, 2011 at 4:13 AM, Simone Dalmasso < >>>> [email protected]> wrote: >>>> >>>>> Hi list, I recently deployed Geonode on a virtual machine with Debian >>>>> 6, all was fine so now I've done the same thing on a physical machine with >>>>> the same OS. >>>>> What i get while accessing at "localhost" is the following error: >>>>> >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] mod_wsgi >>>>> (pid=3764): Exception occurred processing WSGI script >>>>> '/var/www/geonode/wsgi/geonode.wsgi'. >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] Traceback (most >>>>> recent call last): >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/usr/lib/pymodules/python2.6/django/core/handlers/wsgi.py", line 230, in >>>>> __call__ >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] >>>>> self.load_middleware() >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/usr/lib/pymodules/python2.6/django/core/handlers/base.py", line 33, in >>>>> load_middleware >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] for >>>>> middleware_path in settings.MIDDLEWARE_CLASSES: >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/usr/lib/pymodules/python2.6/django/utils/functional.py", line 276, in >>>>> __getattr__ >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] self._setup() >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/usr/lib/pymodules/python2.6/django/conf/__init__.py", line 40, in _setup >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] self._wrapped >>>>> = Settings(settings_module) >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/usr/lib/pymodules/python2.6/django/conf/__init__.py", line 73, in >>>>> __init__ >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] mod = >>>>> importlib.import_module(self.SETTINGS_MODULE) >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/usr/lib/pymodules/python2.6/django/utils/importlib.py", line 35, in >>>>> import_module >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] >>>>> __import__(name) >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/var/www/geonode/wsgi/geonode/src/GeoNodePy/geonode/settings.py", line >>>>> 103, >>>>> in <module> >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] >>>>> path_extrapolate('django/contrib/admin/templates', 'django'), >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/var/www/geonode/wsgi/geonode/src/GeoNodePy/geonode/utils.py", line 9, in >>>>> path_extrapolate >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] return >>>>> pkg_resources.resource_filename(req, stub) >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/var/www/geonode/wsgi/geonode/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg/pkg_resources.py", >>>>> line 882, in resource_filename >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] self, >>>>> resource_name >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/var/www/geonode/wsgi/geonode/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg/pkg_resources.py", >>>>> line 1161, in get_resource_filename >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] return >>>>> self._fn(self.module_path, resource_name) >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/var/www/geonode/wsgi/geonode/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg/pkg_resources.py", >>>>> line 1233, in _fn >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] return >>>>> os.path.join(base, *resource_name.split('/')) >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] File >>>>> "/usr/lib/python2.6/posixpath.py", line 67, in join >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] elif path == >>>>> '' or path.endswith('/'): >>>>> [Wed Mar 02 12:07:27 2011] [error] [client 127.0.0.1] AttributeError: >>>>> 'NoneType' object has no attribute 'endswith' >>>>> >>>>> This error disappear if I comment the line 103 of the settings.py which >>>>> is "path_extrapolate('django/contrib/admin/templates', 'django'),", >>>>> however >>>>> I cannot understand why this occurs. >>>>> Thanks in advance. >>>>> >>>>> Simone Dalmasso, Ing. >>>>> ITHACA >>>>> Information Technology for Humanitarian Assistance, Cooperation and >>>>> Action >>>>> www.ithacaweb.org >>>>> Via Pier Carlo Boggio 61 - 10138 Torino >>>>> Tel: +39.011.1975.1854 >>>>> >>>> >>>> >>> >>> >>> -- >>> Simone Dalmasso, Ing. >>> ITHACA >>> Information Technology for Humanitarian Assistance, Cooperation and >>> Action >>> www.ithacaweb.org >>> Via Pier Carlo Boggio 61 - 10138 Torino >>> Tel: +39.011.1975.1854 >>> >> >> > > > -- > Simone Dalmasso, Ing. > ITHACA > Information Technology for Humanitarian Assistance, Cooperation and Action > www.ithacaweb.org > Via Pier Carlo Boggio 61 - 10138 Torino > Tel: +39.011.1975.1854 >
