I just got an e-mail from someone trying to install NAV with Django 1.2. He was unable to log in to NAV, as the login page would produce a non-descriptive error about a CSRF token not being present.
The user solved his Django 1.2 problem by following the steps in this blog post: http://josh.gourneau.com/blog/2010/02/17/django-12-csrf-verification-failed/
The Django documentation for Cross Site Request Forgery protection is here: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-to-use-it
I'm not quite sure why this affects NAV; I'm not aware that we have employed any of this before, and we don't use the Django admin interface. Any suggestions to how we could solve this to work for Django versions 1.0 through 1.2?
I'm not quite sure why this affects NAV; I'm not aware that we have employed any of this before, and we don't use the Django admin interface. Any suggestions to how we could solve this to work for Django versions 1.0 through 1.2?
Ugly solution could be something like
if float(django.get_version()[:3]) >= 1.2: MIDDLEWARE_CLASSES += ( 'django.middleware.csrf.CsrfResponseMiddleware', 'django.middleware.csrf.CsrfMiddleware', )
Not testet, but something like that should work, allthough the steps could just be added to the INSTALL-file as a note when using django >= 1.2
- K
-
Kristian Klette -
Morten Brekkevold