When attempting to post a form (without the CSRF middleware being present in MIDDLEWARE_CLASSES), django would *always* return a blank page. If the post contained no data, it would come back fine, but if it did contain data, it would come back blank.
Upon adding the CSRF middleware into the MIDDLEWARE_CLASSES, and adding {% csrf_token %} into the template, it would return back fine (and without csrf_token - it would return back an exception, as it should).
Although it is a good thing that it happened (because I did actually forget to include CSRF middleware), I feel that Django should raise an exception (if this is the default behaviour), to tell the user they must enable CSRF middleware, rather than just returning a blank page.
> When attempting to post a form (without the CSRF middleware being > present in MIDDLEWARE_CLASSES), django would *always* return a blank > page. If the post contained no data, it would come back fine, but if > it did contain data, it would come back blank.
> Upon adding the CSRF middleware into the MIDDLEWARE_CLASSES, and > adding {% csrf_token %} into the template, it would return back fine > (and without csrf_token - it would return back an exception, as it > should).
> Although it is a good thing that it happened (because I did actually > forget to include CSRF middleware), I feel that Django should raise an > exception (if this is the default behaviour), to tell the user they > must enable CSRF middleware, rather than just returning a blank page.
> Any thoughts??
Sgreed, but there isn't enough information here to work out what is going on. Please file a ticket if you can create a test case that will reproduce it. I can't think of any code paths in Django that would return 'a blank page' (though I'm not sure I know what you mean by that).
Luke
-- A mosquito cried out in pain: "A chemist has poisoned my brain!" The cause of his sorrow was para-dichloro- diphenyltrichloroethane
On Wed, Jul 6, 2011 at 5:41 PM, Luke Plant <L.Plant...@cantab.net> wrote: > On 06/07/11 15:43, Cal Leeming [Simplicity Media Ltd] wrote: >> Today I came across a very strange problem.
>> When attempting to post a form (without the CSRF middleware being >> present in MIDDLEWARE_CLASSES), django would *always* return a blank >> page. If the post contained no data, it would come back fine, but if >> it did contain data, it would come back blank.
>> Upon adding the CSRF middleware into the MIDDLEWARE_CLASSES, and >> adding {% csrf_token %} into the template, it would return back fine >> (and without csrf_token - it would return back an exception, as it >> should).
>> Although it is a good thing that it happened (because I did actually >> forget to include CSRF middleware), I feel that Django should raise an >> exception (if this is the default behaviour), to tell the user they >> must enable CSRF middleware, rather than just returning a blank page.
>> Any thoughts??
> Sgreed, but there isn't enough information here to work out what is > going on. Please file a ticket if you can create a test case that will > reproduce it. I can't think of any code paths in Django that would > return 'a blank page' (though I'm not sure I know what you mean by that).
> Luke
> -- > A mosquito cried out in pain: > "A chemist has poisoned my brain!" > The cause of his sorrow > was para-dichloro- > diphenyltrichloroethane
> -- > You received this message because you are subscribed to the Google Groups "Django developers" group. > To post to this group, send email to django-developers@googlegroups.com. > To unsubscribe from this group, send email to django-developers+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
> -- > You received this message because you are subscribed to the Google Groups "Django developers" group. > To post to this group, send email to django-developers@googlegroups.com. > To unsubscribe from this group, send email to django-developers+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
Strange, I performed a bare test and I can't seem to reproduce the problem. I then tried to replicate the problem in the existing code, and it doesn't happen any more.
Some changes were being made earlier today to our L7 traffic inspection appliance, so I suspect this might have been the reason for the blank result on POST (perhaps I hit it in the middle of a change being made to the appliance rules).
Always annoying to not know 100% what caused a bug :X
Thanks for the quick response anyway, in future I'll make sure to test on a fresh install before posting to django-developers.
Cal
On Wed, Jul 6, 2011 at 7:22 PM, Cal Leeming [Simplicity Media Ltd]
<cal.leem...@simplicitymedialtd.co.uk> wrote: > Ah, okay I'll do it on both 1.2 and 1.3 to determine if it is/was a bug.
> Cal
> On Wed, Jul 6, 2011 at 7:18 PM, Luke Plant <L.Plant...@cantab.net> wrote: >> On 06/07/11 18:12, Cal Leeming [Simplicity Media Ltd] wrote: >>> Hi Luke,
>>> Thanks for the reply.
>>> I'll set up a test case in a fresh 1.2 django instance, and will let >>> you know the results (and the code used).
>> If it's not present in 1.3/trunk, there won't be bug fixes for it >> (unless it is security related).
>> Luke
>> -- >> A mosquito cried out in pain: >> "A chemist has poisoned my brain!" >> The cause of his sorrow >> was para-dichloro- >> diphenyltrichloroethane
>> -- >> You received this message because you are subscribed to the Google Groups "Django developers" group. >> To post to this group, send email to django-developers@googlegroups.com. >> To unsubscribe from this group, send email to django-developers+unsubscribe@googlegroups.com. >> For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
