CSRF error page requires DjangoTemplates backend
When a CSRF error is raised in debug mode, the technical page require DjangoTemplates to be rendered. If you have your TEMPLATES setting configured without a DjangoTemplates entry, you will instead get an ImproperlyConfigured: No DjangoTemplates backend is configured. error. This can be resolved if you add a DjangoTemplates entry to the TEMPLATES setting, but since many error pages (500, 404, etc.) work without DjangoTemplates, this one probably should, too.
To reproduce:
- Create a new project.
- Change the TEMPLATES setting to not include a DjangoTemplates entry, e.g.
TEMPLATES = [
{
'BACKEND': 'django.template.backends.jinja2.Jinja2',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
},
},
]
- Create a view, and send a POST request to it in the browser, without the CSRF token.
Change History
(7)
Description: |
modified (diff)
|
Owner: |
changed from nobody to Aymeric Augustin
|
Severity: |
Normal → Release blocker
|
Status: |
new → assigned
|
Triage Stage: |
Unreviewed → Accepted
|
Resolution: |
→ fixed
|
Status: |
assigned → closed
|
I dug into this a bit, and the reason this is happening is that django.views.csrf.csrf_failure is hard-wired to use django.template.Template, while other error pages (in django.views.debug) use Engine(debug=True).from_string instead. Changing
to
resolves the problem. Should this be configured with debug=True as in django.views.debug? Things seem to work both with and without that parameter.