#24389 closed Bug (fixed)
CSRF error page requires DjangoTemplates backend
Description (last modified by ) ¶
When a CSRF error is raised in debug mode, the technical page require DjangoTemplates to be rendered. If you have your TEMPLATES setting configured without a DjangoTemplates entry, you will instead get an ImproperlyConfigured: No DjangoTemplates backend is configured. error. This can be resolved if you add a DjangoTemplates entry to the TEMPLATES setting, but since many error pages (500, 404, etc.) work without DjangoTemplates, this one probably should, too.
To reproduce:
- Create a new project.
- Change the TEMPLATES setting to not include a DjangoTemplates entry, e.g.
TEMPLATES = [ { 'BACKEND': 'django.template.backends.jinja2.Jinja2', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { }, }, ]
- Create a view, and send a POST request to it in the browser, without the CSRF token.
Change History (7)
comment:1 by , 10 years ago
Description: | modified (diff) |
---|
comment:2 by , 10 years ago
comment:3 by , 10 years ago
Owner: | changed from | to
---|---|
Severity: | Normal → Release blocker |
Status: | new → assigned |
Triage Stage: | Unreviewed → Accepted |
Indeed, I forgot to render the CSRF failure view with a bare-bones Engines like I did for the debug views.
comment:4 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
I dug into this a bit, and the reason this is happening is that django.views.csrf.csrf_failure is hard-wired to use django.template.Template, while other error pages (in django.views.debug) use Engine(debug=True).from_string instead. Changing
to
resolves the problem. Should this be configured with debug=True as in django.views.debug? Things seem to work both with and without that parameter.