Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#14565 closed (fixed)

No csrf_token on 404 pages

Reported by: gvangool Owned by: nobody
Component: Uncategorized Version: 1.2
Severity: Keywords: csrf
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

You can't use {% csrf_token %} on a 404 page.

I've also posted this on django-developers.

Attachments (1)

add_csrf_protect.diff (790 bytes) - added by gvangool 5 years ago.

Download all attachments as: .zip

Change History (8)

Changed 5 years ago by gvangool

comment:1 Changed 5 years ago by gvangool

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Note that it's fixed the same way as #12358.

comment:2 Changed 5 years ago by lukeplant

  • Resolution set to fixed
  • Status changed from new to closed

(In [14356]) Fixed #14565 - No csrf_token on 404 pages

Thanks to gvangool for report and patch.

comment:3 Changed 5 years ago by lukeplant

(In [14357]) [1.2.X] Fixed #14565 - No csrf_token on 404 pages

Thanks to gvangool for report and patch.

Backport of [14356] from trunk.

comment:4 Changed 5 years ago by lukeplant

(In [14376]) Reverted changeset [14356]

That fix for #14565 introduced test failures. A better fix will
follow shortly.

Refs #14565

comment:5 Changed 5 years ago by lukeplant

(In [14377]) Fixed #14565 - No csrf_token on 404 page.

This solution doesn't have the negative side-effects of [14356].

comment:6 Changed 5 years ago by lukeplant

(In [14379]) [1.2.X] Reverted changeset [14356]

That fix for #14565 introduced test failures. A better fix will
follow shortly.

Refs #14565

Backport of [14376] from trunk.

comment:7 Changed 5 years ago by lukeplant

(In [14380]) [1.2.X] Fixed #14565 - No csrf_token on 404 page.

This solution doesn't have the negative side-effects of [14356].

Backport of [14377] from trunk.

Note: See TracTickets for help on using tickets.
Back to Top