Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#14565 closed (fixed)

No csrf_token on 404 pages

Reported by: Gert Van Gool Owned by: nobody
Component: Uncategorized Version: 1.2
Severity: Keywords: csrf
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

You can't use {% csrf_token %} on a 404 page.

I've also posted this on django-developers.

Attachments (1)

add_csrf_protect.diff (790 bytes ) - added by Gert Van Gool 14 years ago.

Download all attachments as: .zip

Change History (8)

by Gert Van Gool, 14 years ago

Attachment: add_csrf_protect.diff added

comment:1 by Gert Van Gool, 14 years ago

Note that it's fixed the same way as #12358.

comment:2 by Luke Plant, 14 years ago

Resolution: fixed
Status: newclosed

(In [14356]) Fixed #14565 - No csrf_token on 404 pages

Thanks to gvangool for report and patch.

comment:3 by Luke Plant, 14 years ago

(In [14357]) [1.2.X] Fixed #14565 - No csrf_token on 404 pages

Thanks to gvangool for report and patch.

Backport of [14356] from trunk.

comment:4 by Luke Plant, 14 years ago

(In [14376]) Reverted changeset [14356]

That fix for #14565 introduced test failures. A better fix will
follow shortly.

Refs #14565

comment:5 by Luke Plant, 14 years ago

(In [14377]) Fixed #14565 - No csrf_token on 404 page.

This solution doesn't have the negative side-effects of [14356].

comment:6 by Luke Plant, 14 years ago

(In [14379]) [1.2.X] Reverted changeset [14356]

That fix for #14565 introduced test failures. A better fix will
follow shortly.

Refs #14565

Backport of [14376] from trunk.

comment:7 by Luke Plant, 14 years ago

(In [14380]) [1.2.X] Fixed #14565 - No csrf_token on 404 page.

This solution doesn't have the negative side-effects of [14356].

Backport of [14377] from trunk.

Note: See TracTickets for help on using tickets.
Back to Top