Trouble deploying csrf in Django 1.6

16 views
Skip to first unread message

NoviceSortOf

unread,
May 15, 2017, 4:46:43 PM5/15/17
to Django users


I'm having trouble deploying csrf in Django 1.6

When I enable csrf  in settings either we get a Django error
or accounts can't login. 

Are there any special considerations for deploying csrf protection in 1.6?

I heard there was a utility for checking csrf in Django, where can I get
that utility and is it compatible with Django 1.6.

Any suggestions welcome.


Antonis Christofides

unread,
May 16, 2017, 1:47:25 AM5/16/17
to django...@googlegroups.com

Hi,

as you probably know, support for Django 1.6 ended a long time ago, so you'd better upgrade to 1.11 (1.8 is still supported but it's getting old). It might not affect this particular problem, but eventually you'll need to do it.

As to what you are asking, I guess that without some more information we can't say.

Regards,

A.

Antonis Christofides
http://djangodeployment.com
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d1953e5f-278c-4b59-8332-195d8f7f9f76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

NoviceSortOf

unread,
May 16, 2017, 8:19:15 AM5/16/17
to Django users
Thanks for the reply.

Upgrading to 1.11 is beyond the budget according to management.
So I'm stuck with 1.6 for now.
The upgrade from 1.1 to 1.6 took much more time that expected.

Anyhow after a reboot today csrf is working as expected. 

I'm still mystified as to what the problem may of been.
My only guess is it took a reboot to get the template to see {% csrf_token %}.

Here is info on the key components.

logon.html contains    <form method="post" action=".">{% csrf_token %}

settings.py contains
MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware', #
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.middleware.transaction.TransactionMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.contrib.redirects.middleware.RedirectFallbackMiddleware',   
   'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'djangosecure.middleware.SecurityMiddleware',
)
Reply all
Reply to author
Forward
0 new messages