If an exception response occurs during the middleware processing it looks like the CSRF middleware layer can obscure the issue by getting a KeyError exception of its own. The request.META does not contain the CSRF_COOKIE but the response handling seems to assume it has already been set. I get the error...
File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/local/lib/python3.6/dist-packages/django/utils/deprecation.py", line 96, in __call__
response = self.process_response(request, response)
File "/usr/local/lib/python3.6/dist-packages/django/middleware/csrf.py", line 325, in process_response
self._set_token(request, response)
File "/usr/local/lib/python3.6/dist-packages/django/middleware/csrf.py", line 189, in _set_token
request.META['CSRF_COOKIE'],
KeyError: 'CSRF_COOKIE'
I'd be interested in raising a ticket for this and putting in some code to either generate the CSRF Cookie or gracefully ignoring the situation of a missing CSRF Cookie. I had a look through the mail archives but couldn't find a similar experience which surprised me but I guess the normal response is to fix the underlying issue and not worry about the KeyError from the CSRF Cookie but I think it would be worth removing the red-herring. I also could be way off track so please let me know if this is the case.
Thanks,
Tim