Blank page returned on POST if csrf middleware is not configured... bug?

[Cal Leeming [Simplicity Media Ltd]]

Today I came across a very strange problem.

When attempting to post a form (without the CSRF middleware being
present in MIDDLEWARE_CLASSES), django would *always* return a blank
page. If the post contained no data, it would come back fine, but if
it did contain data, it would come back blank.

Upon adding the CSRF middleware into the MIDDLEWARE_CLASSES, and
adding {% csrf_token %} into the template, it would return back fine
(and without csrf_token - it would return back an exception, as it
should).

Although it is a good thing that it happened (because I did actually
forget to include CSRF middleware), I feel that Django should raise an
exception (if this is the default behaviour), to tell the user they
must enable CSRF middleware, rather than just returning a blank page.

Any thoughts??

Cal

[Luke Plant]

Sgreed, but there isn't enough information here to work out what is
going on. Please file a ticket if you can create a test case that will
reproduce it. I can't think of any code paths in Django that would
return 'a blank page' (though I'm not sure I know what you mean by that).

Luke

--
A mosquito cried out in pain:
"A chemist has poisoned my brain!"
The cause of his sorrow
was para-dichloro-
diphenyltrichloroethane

Luke Plant || http://lukeplant.me.uk/

[Cal Leeming [Simplicity Media Ltd]]

Hi Luke,

Thanks for the reply.

I'll set up a test case in a fresh 1.2 django instance, and will let
you know the results (and the code used).

Cal

> --
> You received this message because you are subscribed to the Google Groups "Django developers" group.
> To post to this group, send email to django-d...@googlegroups.com.
> To unsubscribe from this group, send email to django-develop...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
>
>

[Luke Plant]

On 06/07/11 18:12, Cal Leeming [Simplicity Media Ltd] wrote:
> Hi Luke,
>
> Thanks for the reply.
>
> I'll set up a test case in a fresh 1.2 django instance, and will let
> you know the results (and the code used).

If it's not present in 1.3/trunk, there won't be bug fixes for it
(unless it is security related).

[Cal Leeming [Simplicity Media Ltd]]

Ah, okay I'll do it on both 1.2 and 1.3 to determine if it is/was a bug.

Cal

[Cal Leeming [Simplicity Media Ltd]]

Hi Luke,

Strange, I performed a bare test and I can't seem to reproduce the
problem. I then tried to replicate the problem in the existing code,
and it doesn't happen any more.

Some changes were being made earlier today to our L7 traffic
inspection appliance, so I suspect this might have been the reason for
the blank result on POST (perhaps I hit it in the middle of a change
being made to the appliance rules).

Always annoying to not know 100% what caused a bug :X

Thanks for the quick response anyway, in future I'll make sure to test
on a fresh install before posting to django-developers.

Cal