id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
21322	Cookie-averse users get CSRF failure without a clear explanation	Ole Laursen	Bouke Haarsma	"This easiest way to see this it to start a new project, set DEBUG=False, start the dev server, disable cookies in the browser and go to /admin/ and try to login. The result is an inexplicable (to an end-user) ""403 CSRF verification failed"".

The CSRF view already gives a relatively friendly (although not translated) explanation if Referer headers are turned off. I suggest adding one for a non-existing cookie too, patch attached against latest trunk.

I'm attaching a little test project in a tarball.

I think this is an old problem, the patch here was originally against 1.2 (credit goes to Henrik Levkowetz)."	Cleanup/optimization	closed	CSRF	dev	Normal	fixed		Bouke Haarsma	Accepted	1	0	0	0	0	0