Re: CSRF gone haywire
2009/11/27 Tim Valenta: > Also, I've figured out just now while rereading the reply I got, that > "AFAIK" must mean "as far as I know". Please... can we not use > ridiculous short forms for a language that works better when not > profusely abbreviated? That would have been a hundred times harder to > figure out if I were a not a native speaker of English. I can handle > a few of those, like IMHO, but I can't say that I've come across > "AFAIK" often enough to compute that in record time. > You must be joking :) -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: CSRF gone haywire
Okay... so here's the problem. I've been using a template override for change_form.html to always check the object-tools block and add things in there. I tried to be more modular about it, but it never seemed to work out quite right. So I'm overriding the entire template on my own, and I must have copied the template from admin-ui (where, as pointed out, and as I knew already, admin-ui doesn't implement the CSRF system). Consequently, my overridden template was working great, until I got off of the admin-ui branch. Everything started failing like crazy :) Lesson to be learned: Don't accidentally copy a template from a branch. Also, I've figured out just now while rereading the reply I got, that "AFAIK" must mean "as far as I know". Please... can we not use ridiculous short forms for a language that works better when not profusely abbreviated? That would have been a hundred times harder to figure out if I were a not a native speaker of English. I can handle a few of those, like IMHO, but I can't say that I've come across "AFAIK" often enough to compute that in record time. Tim On Nov 27, 10:22 am, Tim Valentawrote: > > AFAIK admin uses CSRF by default in SVN version. > > I'm sorry, but I have no idea what that means. What is "AFAIK"? > > I've read that page you've linked to, and I fail to see what I've done > wrong (since I didn't explicitly *do* anything). > > Tim > > On Nov 27, 10:18 am, rebus_ wrote: > > > > > 2009/11/27 Tim Valenta : > > > > Has anybody else experienced a senseless failure of the dev trunk's > > > CSRF verification? Very suddenly this morning, Django won't let me > > > change anything in my admin sites. I didn't update my copy of the SVN > > > trunk, but as soon as I took myself off of the admin-ui branch, it > > > flipped out. > > > > Step by step, all I did was move my copy of the main trunk to > > > "_django" instead of "django". I then uncompressed the admin-ui > > > branch to "django" as a replacement. All was well. There are some > > > broken "Add new item" links in that branch, and I got sick of it not > > > working. So I moved my admin-ui trunk to "admin-ui" for safekeeping, > > > and then put back my original copy of the main trunk. > > > > Everything seemed right and good in the world, but for some reason the > > > changelist view wouldn't show any items in its list. Every model > > > suffered from the lack of display. It was weird. It showed a correct > > > total number of items that *should* have been in the list, but no > > > items were present. The HTML was literally not there. > > > > And when I jump directly to a changeform page via the id I knew I was > > > working with, the page would should up, but saving the model keeps > > > triggering the CSRF error response. I don't think the CSRF token is > > > being rendered in the changeform. > > > > Has anybody else experienced this? I seriously haven't touched my > > > copy of the main trunk between my little adventure with the admin-ui > > > branch. For good measure, I updated the repository just now, and it > > > didn't fix it. I removed all of the .pyc files in the Django > > > directory and my project home. > > > > I'm just totally at a loss for what happened. I've dropped the > > > database and rebuilt it... no luck. I'm ready to swear that I didn't > > > change anything at all, and I don't use the CSRF system explicitly, so > > > it's not like I've got bad imports. > > > > Any help? > > > AFAIK admin uses CSRF by default in SVN version. > > >http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: CSRF gone haywire
> AFAIK admin uses CSRF by default in SVN version. I'm sorry, but I have no idea what that means. What is "AFAIK"? I've read that page you've linked to, and I fail to see what I've done wrong (since I didn't explicitly *do* anything). Tim On Nov 27, 10:18 am, rebus_wrote: > 2009/11/27 Tim Valenta : > > > > > > > Has anybody else experienced a senseless failure of the dev trunk's > > CSRF verification? Very suddenly this morning, Django won't let me > > change anything in my admin sites. I didn't update my copy of the SVN > > trunk, but as soon as I took myself off of the admin-ui branch, it > > flipped out. > > > Step by step, all I did was move my copy of the main trunk to > > "_django" instead of "django". I then uncompressed the admin-ui > > branch to "django" as a replacement. All was well. There are some > > broken "Add new item" links in that branch, and I got sick of it not > > working. So I moved my admin-ui trunk to "admin-ui" for safekeeping, > > and then put back my original copy of the main trunk. > > > Everything seemed right and good in the world, but for some reason the > > changelist view wouldn't show any items in its list. Every model > > suffered from the lack of display. It was weird. It showed a correct > > total number of items that *should* have been in the list, but no > > items were present. The HTML was literally not there. > > > And when I jump directly to a changeform page via the id I knew I was > > working with, the page would should up, but saving the model keeps > > triggering the CSRF error response. I don't think the CSRF token is > > being rendered in the changeform. > > > Has anybody else experienced this? I seriously haven't touched my > > copy of the main trunk between my little adventure with the admin-ui > > branch. For good measure, I updated the repository just now, and it > > didn't fix it. I removed all of the .pyc files in the Django > > directory and my project home. > > > I'm just totally at a loss for what happened. I've dropped the > > database and rebuilt it... no luck. I'm ready to swear that I didn't > > change anything at all, and I don't use the CSRF system explicitly, so > > it's not like I've got bad imports. > > > Any help? > > AFAIK admin uses CSRF by default in SVN version. > > http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: CSRF gone haywire
2009/11/27 Tim Valenta: > Has anybody else experienced a senseless failure of the dev trunk's > CSRF verification? Very suddenly this morning, Django won't let me > change anything in my admin sites. I didn't update my copy of the SVN > trunk, but as soon as I took myself off of the admin-ui branch, it > flipped out. > > Step by step, all I did was move my copy of the main trunk to > "_django" instead of "django". I then uncompressed the admin-ui > branch to "django" as a replacement. All was well. There are some > broken "Add new item" links in that branch, and I got sick of it not > working. So I moved my admin-ui trunk to "admin-ui" for safekeeping, > and then put back my original copy of the main trunk. > > Everything seemed right and good in the world, but for some reason the > changelist view wouldn't show any items in its list. Every model > suffered from the lack of display. It was weird. It showed a correct > total number of items that *should* have been in the list, but no > items were present. The HTML was literally not there. > > And when I jump directly to a changeform page via the id I knew I was > working with, the page would should up, but saving the model keeps > triggering the CSRF error response. I don't think the CSRF token is > being rendered in the changeform. > > Has anybody else experienced this? I seriously haven't touched my > copy of the main trunk between my little adventure with the admin-ui > branch. For good measure, I updated the repository just now, and it > didn't fix it. I removed all of the .pyc files in the Django > directory and my project home. > > I'm just totally at a loss for what happened. I've dropped the > database and rebuilt it... no luck. I'm ready to swear that I didn't > change anything at all, and I don't use the CSRF system explicitly, so > it's not like I've got bad imports. > > Any help? > AFAIK admin uses CSRF by default in SVN version. http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
CSRF gone haywire
Has anybody else experienced a senseless failure of the dev trunk's CSRF verification? Very suddenly this morning, Django won't let me change anything in my admin sites. I didn't update my copy of the SVN trunk, but as soon as I took myself off of the admin-ui branch, it flipped out. Step by step, all I did was move my copy of the main trunk to "_django" instead of "django". I then uncompressed the admin-ui branch to "django" as a replacement. All was well. There are some broken "Add new item" links in that branch, and I got sick of it not working. So I moved my admin-ui trunk to "admin-ui" for safekeeping, and then put back my original copy of the main trunk. Everything seemed right and good in the world, but for some reason the changelist view wouldn't show any items in its list. Every model suffered from the lack of display. It was weird. It showed a correct total number of items that *should* have been in the list, but no items were present. The HTML was literally not there. And when I jump directly to a changeform page via the id I knew I was working with, the page would should up, but saving the model keeps triggering the CSRF error response. I don't think the CSRF token is being rendered in the changeform. Has anybody else experienced this? I seriously haven't touched my copy of the main trunk between my little adventure with the admin-ui branch. For good measure, I updated the repository just now, and it didn't fix it. I removed all of the .pyc files in the Django directory and my project home. I'm just totally at a loss for what happened. I've dropped the database and rebuilt it... no luck. I'm ready to swear that I didn't change anything at all, and I don't use the CSRF system explicitly, so it's not like I've got bad imports. Any help? -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.