I'm getting many failures from the CSRF Django middleware on my site (the version from SVN trunk.) The only errors I get are: CSRF failure: reason=CSRF token missing or incorrect.
How could I diagnose where these CSRF errors are coming from? I can't cause the CSRF errors myself, but I set up the site to email me whenever the CSRF error view is triggered so I know that it is happening often.
I really struggled to get it right, but eventually did. Here were my main issues (Django 1.2 beta):
Make sure that your settings emails are all the right ones. I had to do something like this:
EMAIL_HOST = 'mail.my-domain.com'
EMAIL_HOST_USER = 'my user name on the server'
EMAIL_HOST_PASSWORD = 'passwd'
EMAIL_PORT = '26'  # often seems to be 25 or 26 on many of the forum posts I read
DEFAULT_FROM_EMAIL = '[email protected]'  # on hosted domains, make sure it is set up and sending
SERVER_EMAIL = '[email protected]'  # Same email as above
# RequestContext runs the context processors, so {% csrf_token %} gets a value
return render_to_response('contact.htm', {
    'favicon': r'____.ico',
    'more_stuff': "......",
    'more_stuff': "......",
    'more_stuff': "......",
}, context_instance=RequestContext(request))
Make sure you have:
TEMPLATE_CONTEXT_PROCESSORS = (
    # The csrf processor lives in django.core, not django.contrib.auth
    "django.core.context_processors.csrf",
    # .....
)
in your settings.py file.
Note that this is really not a how-to, this is just what I did to get mine working. The reason for posting it now is that I see so many people on forums discussing this topic resort to just turning the csrf_token off.
A CSRF error should happen when the middleware successfully stops a Cross Site Request Forgery attack. Probably the best way to verify that this is the case is to check your web server logs and you should see requests that aren't related to an earlier request.
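The log check suggested above, as an added example that is not part of the original answers: it separates rejected POSTs that followed a page load from the same client from POSTs that arrived with no earlier request. It assumes Combined Log Format, that the form is displayed and submitted at the same URL, and that a 403 on POST is the CSRF rejection; the function name, host name and log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2010:10:00:01 +0000] "GET /contact/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2010:10:00:40 +0000] "POST /contact/ HTTP/1.1" 403 2300 "http://www.example.com/contact/" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2010:10:05:12 +0000] "POST /contact/ HTTP/1.1" 403 2300 "-" "bot/1.0"',
]

def classify_csrf_failures(lines, site_host, window=timedelta(hours=2)):
    """Return one dict per POST answered 403, noting whether the same client
    fetched that path with GET (and so was served a token) within `window`."""
    own_site = ("http://%s/" % site_host, "https://%s/" % site_host)
    last_get = {}  # (ip, path) -> time of the most recent successful GET
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["path"])
        if m["method"] == "GET" and m["status"] == "200":
            last_get[key] = ts
        elif m["method"] == "POST" and m["status"] == "403":
            seen = last_get.get(key)
            findings.append({
                "ip": m["ip"],
                "path": m["path"],
                # True: a visitor loaded the form and was still rejected,
                # which points at the site (template, cookie, middleware).
                "had_recent_get": seen is not None and ts - seen <= window,
                # False: no Referer, or one from another site.
                "same_site_referer": m["referer"].startswith(own_site),
                "agent": m["agent"],
            })
    return findings

if __name__ == "__main__":
    for finding in classify_csrf_failures(SAMPLE_LOG, "www.example.com"):
        print(finding)
```

Rows with `had_recent_get` true are the ones worth reproducing in a browser; rows where both flags are false match the "unrelated request" pattern the answer describes.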
Also you should check the order of the MIDDLEWARE_CLASSES in your settings.py file. Should look something like this:
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.locale.LocaleMiddleware',
)
LocaleMiddleware at the end.
For me, the solution was the RequestContext instance and the ordering.