Re: CSRF gone haywire

[rebus_]

2009/11/27 Tim Valenta :
> Also, I've figured out just now while rereading the reply I got, that
> "AFAIK" must mean "as far as I know".  Please... can we not use
> ridiculous short forms for a language that works better when not
> profusely abbreviated?  That would have been a hundred times harder to
> figure out if I were a not a native speaker of English.  I can handle
> a few of those, like IMHO, but I can't say that I've come across
> "AFAIK" often enough to compute that in record time.
>

You must be joking :)

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: CSRF gone haywire

[Tim Valenta]

Okay... so here's the problem.

I've been using a template override for change_form.html to always
check the object-tools block and add things in there.  I tried to be
more modular about it, but it never seemed to work out quite right.
So I'm overriding the entire template on my own, and I must have
copied the template from admin-ui (where, as pointed out, and as I
knew already, admin-ui doesn't implement the CSRF system).
Consequently, my overridden template was working great, until I got
off of the admin-ui branch.  Everything started failing like crazy :)

Lesson to be learned: Don't accidentally copy a template from a
branch.


Also, I've figured out just now while rereading the reply I got, that
"AFAIK" must mean "as far as I know".  Please... can we not use
ridiculous short forms for a language that works better when not
profusely abbreviated?  That would have been a hundred times harder to
figure out if I were a not a native speaker of English.  I can handle
a few of those, like IMHO, but I can't say that I've come across
"AFAIK" often enough to compute that in record time.

Tim

On Nov 27, 10:22 am, Tim Valenta  wrote:
> > AFAIK admin uses CSRF by default in SVN version.
>
> I'm sorry, but I have no idea what that means.  What is "AFAIK"?
>
> I've read that page you've linked to, and I fail to see what I've done
> wrong (since I didn't explicitly *do* anything).
>
> Tim
>
> On Nov 27, 10:18 am, rebus_  wrote:
>
>
>
> > 2009/11/27 Tim Valenta :
>
> > > Has anybody else experienced a senseless failure of the dev trunk's
> > > CSRF verification?  Very suddenly this morning, Django won't let me
> > > change anything in my admin sites.  I didn't update my copy of the SVN
> > > trunk, but as soon as I took myself off of the admin-ui branch, it
> > > flipped out.
>
> > > Step by step, all I did was move my copy of the main trunk to
> > > "_django" instead of "django".  I then uncompressed the admin-ui
> > > branch to "django" as a replacement.  All was well.  There are some
> > > broken "Add new item" links in that branch, and I got sick of it not
> > > working.  So I moved my admin-ui trunk to "admin-ui" for safekeeping,
> > > and then put back my original copy of the main trunk.
>
> > > Everything seemed right and good in the world, but for some reason the
> > > changelist view wouldn't show any items in its list.  Every model
> > > suffered from the lack of display.  It was weird.  It showed a correct
> > > total number of items that *should* have been in the list, but no
> > > items were present.  The HTML was literally not there.
>
> > > And when I jump directly to a changeform page via the id I knew I was
> > > working with, the page would should up, but saving the model keeps
> > > triggering the CSRF error response.  I don't think the CSRF token is
> > > being rendered in the changeform.
>
> > > Has anybody else experienced this?  I seriously haven't touched my
> > > copy of the main trunk between my little adventure with the admin-ui
> > > branch.  For good measure, I updated the repository just now, and it
> > > didn't fix it.  I removed all of the .pyc files in the Django
> > > directory and my project home.
>
> > > I'm just totally at a loss for what happened.  I've dropped the
> > > database and rebuilt it... no luck.  I'm ready to swear that I didn't
> > > change anything at all, and I don't use the CSRF system explicitly, so
> > > it's not like I've got bad imports.
>
> > > Any help?
>
> > AFAIK admin uses CSRF by default in SVN version.
>
> >http://docs.djangoproject.com/en/dev/ref/contrib/csrf/

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: CSRF gone haywire

[Tim Valenta]

> AFAIK admin uses CSRF by default in SVN version.

I'm sorry, but I have no idea what that means.  What is "AFAIK"?

I've read that page you've linked to, and I fail to see what I've done
wrong (since I didn't explicitly *do* anything).

Tim

On Nov 27, 10:18 am, rebus_  wrote:
> 2009/11/27 Tim Valenta :
>
>
>
>
>
> > Has anybody else experienced a senseless failure of the dev trunk's
> > CSRF verification?  Very suddenly this morning, Django won't let me
> > change anything in my admin sites.  I didn't update my copy of the SVN
> > trunk, but as soon as I took myself off of the admin-ui branch, it
> > flipped out.
>
> > Step by step, all I did was move my copy of the main trunk to
> > "_django" instead of "django".  I then uncompressed the admin-ui
> > branch to "django" as a replacement.  All was well.  There are some
> > broken "Add new item" links in that branch, and I got sick of it not
> > working.  So I moved my admin-ui trunk to "admin-ui" for safekeeping,
> > and then put back my original copy of the main trunk.
>
> > Everything seemed right and good in the world, but for some reason the
> > changelist view wouldn't show any items in its list.  Every model
> > suffered from the lack of display.  It was weird.  It showed a correct
> > total number of items that *should* have been in the list, but no
> > items were present.  The HTML was literally not there.
>
> > And when I jump directly to a changeform page via the id I knew I was
> > working with, the page would should up, but saving the model keeps
> > triggering the CSRF error response.  I don't think the CSRF token is
> > being rendered in the changeform.
>
> > Has anybody else experienced this?  I seriously haven't touched my
> > copy of the main trunk between my little adventure with the admin-ui
> > branch.  For good measure, I updated the repository just now, and it
> > didn't fix it.  I removed all of the .pyc files in the Django
> > directory and my project home.
>
> > I'm just totally at a loss for what happened.  I've dropped the
> > database and rebuilt it... no luck.  I'm ready to swear that I didn't
> > change anything at all, and I don't use the CSRF system explicitly, so
> > it's not like I've got bad imports.
>
> > Any help?
>
> AFAIK admin uses CSRF by default in SVN version.
>
> http://docs.djangoproject.com/en/dev/ref/contrib/csrf/

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: CSRF gone haywire

[rebus_]

2009/11/27 Tim Valenta :
> Has anybody else experienced a senseless failure of the dev trunk's
> CSRF verification?  Very suddenly this morning, Django won't let me
> change anything in my admin sites.  I didn't update my copy of the SVN
> trunk, but as soon as I took myself off of the admin-ui branch, it
> flipped out.
>
> Step by step, all I did was move my copy of the main trunk to
> "_django" instead of "django".  I then uncompressed the admin-ui
> branch to "django" as a replacement.  All was well.  There are some
> broken "Add new item" links in that branch, and I got sick of it not
> working.  So I moved my admin-ui trunk to "admin-ui" for safekeeping,
> and then put back my original copy of the main trunk.
>
> Everything seemed right and good in the world, but for some reason the
> changelist view wouldn't show any items in its list.  Every model
> suffered from the lack of display.  It was weird.  It showed a correct
> total number of items that *should* have been in the list, but no
> items were present.  The HTML was literally not there.
>
> And when I jump directly to a changeform page via the id I knew I was
> working with, the page would should up, but saving the model keeps
> triggering the CSRF error response.  I don't think the CSRF token is
> being rendered in the changeform.
>
> Has anybody else experienced this?  I seriously haven't touched my
> copy of the main trunk between my little adventure with the admin-ui
> branch.  For good measure, I updated the repository just now, and it
> didn't fix it.  I removed all of the .pyc files in the Django
> directory and my project home.
>
> I'm just totally at a loss for what happened.  I've dropped the
> database and rebuilt it... no luck.  I'm ready to swear that I didn't
> change anything at all, and I don't use the CSRF system explicitly, so
> it's not like I've got bad imports.
>
> Any help?
>

AFAIK admin uses CSRF by default in SVN version.

http://docs.djangoproject.com/en/dev/ref/contrib/csrf/

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

CSRF gone haywire

[Tim Valenta]

Has anybody else experienced a senseless failure of the dev trunk's
CSRF verification?  Very suddenly this morning, Django won't let me
change anything in my admin sites.  I didn't update my copy of the SVN
trunk, but as soon as I took myself off of the admin-ui branch, it
flipped out.

Step by step, all I did was move my copy of the main trunk to
"_django" instead of "django".  I then uncompressed the admin-ui
branch to "django" as a replacement.  All was well.  There are some
broken "Add new item" links in that branch, and I got sick of it not
working.  So I moved my admin-ui trunk to "admin-ui" for safekeeping,
and then put back my original copy of the main trunk.

Everything seemed right and good in the world, but for some reason the
changelist view wouldn't show any items in its list.  Every model
suffered from the lack of display.  It was weird.  It showed a correct
total number of items that *should* have been in the list, but no
items were present.  The HTML was literally not there.

And when I jump directly to a changeform page via the id I knew I was
working with, the page would should up, but saving the model keeps
triggering the CSRF error response.  I don't think the CSRF token is
being rendered in the changeform.

Has anybody else experienced this?  I seriously haven't touched my
copy of the main trunk between my little adventure with the admin-ui
branch.  For good measure, I updated the repository just now, and it
didn't fix it.  I removed all of the .pyc files in the Django
directory and my project home.

I'm just totally at a loss for what happened.  I've dropped the
database and rebuilt it... no luck.  I'm ready to swear that I didn't
change anything at all, and I don't use the CSRF system explicitly, so
it's not like I've got bad imports.

Any help?

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.