id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 5292 CsrfMiddleware does not protect from forged POST request with no data Jakub Wilk Adrian Holovaty django.contrib.csrf.!CrsfMiddleware permits any POST request with no data. This is entirely wrong. closed Contrib apps dev fixed Ready for checkin 1 0 0 0 0 0