I use Django 1.4. I created 403.html file in the same directory as 404.html (404 error page works fine). Yes, I read this. Then I turn off cookies in my browser, try to login and see the default 403-error page, not mine 403.html page:
Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.
I restarted Apache, but it doesnt help.
How to fix it? Thanks
This is not the default 403-error page. You are seeing this message because the CSRF middleware does not work when cookies are disabled.
Your custom 403 template has no effect because the CSRF middleware does not use the general 403 view, but the view defined by the setting CSRF_FAILURE_VIEW
, which is defined in django.conf.global_settings as django.views.csrf.csrf_failure
. As you can see in the source, the message you are seeing is hardcoded in the view.
You could create your own CSRF_FAILURE_VIEW
, but that is probably not what you want. I suggest you leave everything as it is and just delete the cookies or use another browser to test as unauthenticated user.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With