Opened 9 months ago
Closed 9 months ago
#34953 closed Bug (invalid)
CSRF verification fails even with CSRF middleware commented out
| Reported by: | Fabio Araujo | Owned by: | nobody |
|---|---|---|---|
| Component: | CSRF | Version: | 4.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I'm running Django 4.2.5 in a development environment and the CSRF middleware is not behaving as expected.
First, it was raising CSRF verification fail even when I knew the requests were being made from my own application. This happens inconsistently. Sometimes just by refreshing the page it works.
So I set the CSRF_TRUSTED_ORIGINS to try to get it working. It still behave the same way, sometimes throwing the exception and sometimes not, for the same views.
The next thing I tried was to completely bypass the CSRF verification by commenting out the django.middleware.csrf.CsrfViewMiddleware. To my profound astonishment, it still raises the error even though I thought it should never even check the CSRF token in the first place.
Hello Fabio, thank you for taking the time to create a ticket.
From your description, it seems that the problem may be a configuration issue or something specific of your project. This report seems better suited to be a support request: the best place to get answers to your issue is using any of the user support channels from this link.
Since the goal of this issue tracker is to track issues about Django itself, and your issue seems, at first, to be located in your custom code, I'll be closing this ticket as invalid. If, after debugging, you find out that this is indeed a bug in Django, please re-open with the specific details and please be sure to include a small Django project to reproduce or a failing test case.