#24389 closed Bug (fixed)
CSRF error page requires DjangoTemplates backend
Description (last modified by ) ¶
When a CSRF error is raised in debug mode, the technical page require DjangoTemplates to be rendered. If you have your TEMPLATES setting configured without a DjangoTemplates entry, you will instead get an ImproperlyConfigured: No DjangoTemplates backend is configured. error. This can be resolved if you add a DjangoTemplates entry to the TEMPLATES setting, but since many error pages (500, 404, etc.) work without DjangoTemplates, this one probably should, too.
To reproduce:
- Create a new project.
- Change the TEMPLATES setting to not include a DjangoTemplates entry, e.g.
TEMPLATES = [
{
'BACKEND': 'django.template.backends.jinja2.Jinja2',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
},
},
]
- Create a view, and send a POST request to it in the browser, without the CSRF token.
Change History (7)
comment:1 by , 10 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 10 years ago
comment:3 by , 10 years ago
| Owner: | changed from to |
|---|---|
| Severity: | Normal → Release blocker |
| Status: | new → assigned |
| Triage Stage: | Unreviewed → Accepted |
Indeed, I forgot to render the CSRF failure view with a bare-bones Engines like I did for the debug views.
comment:4 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
I dug into this a bit, and the reason this is happening is that django.views.csrf.csrf_failure is hard-wired to use django.template.Template, while other error pages (in django.views.debug) use Engine(debug=True).from_string instead. Changing
to
resolves the problem. Should this be configured with debug=True as in django.views.debug? Things seem to work both with and without that parameter.