id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
35062	Update csrf.py to check request.POST if request.method is not GET	Peter Jones	nobody	"When trying to determine request_csrf_token within csrf.py, request.method == ""POST"" fails (CSRF token missing) if you use custom middle ware that handles a form field _method to convert request.method to PUT/DELETE... etc. I use this middle ware since HTML forms can only use GET and POST, and I want my page to work even when JavaScript is disabled.

Change django/middleware/csrf.py (line 365)
        if request.method == ""POST"":

To
        if request.method != ""GET"":

"	Bug	closed	CSRF	4.2	Normal	invalid		Mirza Baig	Unreviewed	0	0	0	0	1	0