id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
30282	CSRF token invalid after DELETE request	My-Tien Nguyen	nobody	"I am using a RESTful API in my Django server with CSRF Middleware enabled.
When I only use GET and POST requests, all works as expected. But when I send a DELETE request to a resource and afterwards perform a POST request
– that contains a CSRF cookie and csrfmiddlewaretoken in the body – the latter is rejected with `CSRF token missing or incorrect` and I have to log in again.

DELETE request Headers:
- REQUEST_METHOD: DELETE
- CONTENT_TYPE: ""application/x-www-form-urlencoded""
- HTTP_COOKIE: sessionid=[session id], csrftoken=[csrfcookie]
- HTTP_X_CSRFTOKEN: [csrfcookie] (I also don’t understand why DELETE needs this extra header with the same content as the csrftoken…)
- HTTP_REFERER: [url]

DELETE request Body: csrfmiddlewaretoken: [csrfcookie]

"	Bug	closed	CSRF	2.1	Normal	invalid	CSRF RESTful-API DELETE		Unreviewed	0	0	0	0	0	0
