[Django] #23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page

Django

Nov 18, 2014, 3:34:08 PM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
-------------------------------+--------------------
Reporter: nikolas | Owner: nobody
Type: Uncategorized | Status: new
Component: Documentation | Version: 1.7
Severity: Normal | Keywords: csrf
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+--------------------
This page links to this page:

http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf

Which is a 404. Maybe this should be:

https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/

--
Ticket URL: <https://code.djangoproject.com/ticket/23866>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Nov 18, 2014, 4:50:00 PM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------
Changes (by bmispelon):

* severity: Normal => Release blocker
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
* type: Uncategorized => Bug
* stage: Unreviewed => Accepted


Comment:

Hi,

The offending line can be found here:
https://github.com/django/django/blob/master/django/views/csrf.py#L69

We should also make this link https instead of just http and I'm also
wondering if the link should point to the version of Django being used
instead of the `dev` version (not sure how feasible that is though).

I'm going to bump the severity as well since we should backport that fix.

Thanks.

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:1>

Django

Nov 18, 2014, 5:01:56 PM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by claudep):

`from django.utils.version import get_major_version` :-)

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:2>

Django

Nov 18, 2014, 5:20:58 PM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by bmispelon):

Replying to [comment:2 claudep]:


> `from django.utils.version import get_major_version` :-)

That would help, yes. But not for the development version though :)

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:3>

Django

Nov 19, 2014, 3:05:25 AM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by claudep):

Right, we'll need something a bit more elaborate, something like `if
'alpha' in django.VERSION or 'beta' in django.VERSION: ver = 'stable';
else: ver = get_major_version`.

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:4>

Django

Nov 21, 2014, 6:49:15 PM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by iambibhas):

Looking for feedback. Is this over-engineered?
https://github.com/iambibhas/django/commit/2050933081bd7b3e28817e1d883c251812b219e7

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:5>

Django

Nov 21, 2014, 7:15:17 PM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by timgraham):

I think we should change the link in django/master and see if we can
simply add a redirect for compatibility with older versions. I don't think
generating smart links based on the version of Django offers much
benefit.

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:6>

Django

Nov 22, 2014, 2:56:08 AM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by iambibhas):

Right now, adding a redirect would solve the broken link issue without any
code changes. I came across this when visiting the DRF doc and the url
there is broken as well.

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:7>

Django

Nov 22, 2014, 4:41:16 AM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by claudep):

We already have something like that in:
https://github.com/django/django/blob/master/django/core/management/templates.py#L103

Then I've identified some locations which could benefit from a common
implementation of the docs version number:
{{{
django/contrib/gis/db/models/__init__.py: "See also https://docs.djangoproject.com/en/stable/ref/contrib/gis/install/geolibs/")
django/core/management/commands/squashmigrations.py: "https://docs.djangoproject.com/en/1.7/topics/migrations/#squashing-migrations"
django/core/management/sql.py: "see: https://docs.djangoproject.com/en/dev/ref/settings/#databases")
django/db/migrations/state.py: "https://docs.djangoproject.com/en/1.7/topics/migrations/#dependencies "
django/db/migrations/writer.py: "https://docs.djangoproject.com/en/dev/topics/migrations/#serializing-values"
django/db/migrations/writer.py: "migration files.\nFor more, see https://docs.djangoproject.com/en/dev/"
django/utils/deconstruct.py: "https://docs.djangoproject.com/en/dev/topics/migrations/#serializing-values"
django/views/csrf.py: href='http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf'>Django's
django/views/csrf.py: href='http://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext'><code>RequestContext</code></a>
}}}

So I think that `django.utils.version` could have a new `get_docs_version`
utility.

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:8>
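
An added example, not part of the ticket thread or of Django's code: a small audit that finds hard-coded links to docs.djangoproject.com like the ones listed in the comment above, flags plain-http links and version segments that differ from the running release, and proposes a harmonized URL. The names `docs_version`, `audit`, `DOCS_LINK` and `SAMPLE` are hypothetical, and mapping pre-releases to `dev` is an assumption.

```python
import re

# Captures scheme, version segment and remaining path of a Django docs link.
DOCS_LINK = re.compile(
    r"""(?P<scheme>https?)://docs\.djangoproject\.com/en/"""
    r"""(?P<version>[^/\s'"]+)/(?P<path>[^\s'"<>)]*)"""
)


def docs_version(version):
    """Docs version segment for a django.VERSION-style 5-tuple (hypothetical helper)."""
    major, minor, _micro, stage, _serial = version
    # Assumption: anything that is not a final release points at the 'dev' docs.
    return "%d.%d" % (major, minor) if stage == "final" else "dev"


def audit(lines, version):
    """Return (line number, issues, suggested URL) for each inconsistent docs link."""
    expected = docs_version(version)
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in DOCS_LINK.finditer(line):
            issues = []
            if m["scheme"] != "https":
                issues.append("plain-http")
            if m["version"] != expected:
                issues.append("version=%s" % m["version"])
            if issues:
                fixed = "https://docs.djangoproject.com/en/%s/%s" % (expected, m["path"])
                findings.append((lineno, issues, fixed))
    return findings


# Constructed sample, adapted from strings quoted in the comment above.
SAMPLE = [
    '"https://docs.djangoproject.com/en/1.7/topics/migrations/#dependencies"',
    "href='http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf'>Django's",
    '"See also https://docs.djangoproject.com/en/stable/ref/contrib/gis/install/geolibs/")',
]

if __name__ == "__main__":
    for lineno, issues, fixed in audit(SAMPLE, (1, 7, 0, "final", 0)):
        print(lineno, ", ".join(issues), "->", fixed)
```

Rewriting the scheme and version segment does not help when a page has moved to a different path; that case still needs a redirect on the docs site.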

Django

Nov 22, 2014, 6:16:10 AM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by iambibhas):

That sounds good. But how to handle the url change other than the version
number e.g. in this case csrf page has moved from `contrib/`?

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:9>

Django

Nov 22, 2014, 7:36:06 AM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by claudep):

The url change could/should be handled by a compatibility redirect, as
mentioned by Tim in comment:6.

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:10>

Django

Nov 22, 2014, 7:44:25 AM
to django-...@googlegroups.com
#23866: Broken link on 403 forbidden "CSRF token missing or incorrect." page
---------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by claudep):

I've just added the redirect for short-term resolution of the issue. Code
still needs to be updated.

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:11>

Django

Nov 24, 2014, 2:04:22 PM
to django-...@googlegroups.com
#23866: Make documentation links in error messages consistent
--------------------------------------+------------------------------------
Reporter: nikolas | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by timgraham):

* component: Documentation => Core (Other)
* version: 1.7 => master
* type: Bug => Cleanup/optimization
* severity: Release blocker => Normal


--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:12>

Django

Dec 25, 2014, 7:51:16 AM
to django-...@googlegroups.com
#23866: Make documentation links in error messages consistent
-------------------------------------+-------------------------------------
Reporter: nikolas | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by timgraham):

* keywords: csrf =>
* has_patch: 0 => 1
* stage: Accepted => Ready for checkin


--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:13>

Django

Dec 25, 2014, 7:54:41 AM
to django-...@googlegroups.com
#23866: Make documentation links in error messages consistent
-------------------------------------+-------------------------------------
Reporter: nikolas | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: Core (Other) | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Claude Paroz <claude@…>):

* status: new => closed
* resolution: => fixed


Comment:

In [changeset:"234a2e0b6bcad5536d5d6cbb398eb6b7cc4eb67e"]:
{{{
#!CommitTicketReference repository=""
revision="234a2e0b6bcad5536d5d6cbb398eb6b7cc4eb67e"
Fixed #23866 -- Harmonized refs to Django documentation from code
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:14>

Django

Dec 25, 2014, 8:01:38 AM
to django-...@googlegroups.com
#23866: Make documentation links in error messages consistent
-------------------------------------+-------------------------------------
Reporter: nikolas | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: Core (Other) | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Claude Paroz <claude@…>):

In [changeset:"ffa548fb561d4e32b42566cc67a2499a5e321944"]:
{{{
#!CommitTicketReference repository=""
revision="ffa548fb561d4e32b42566cc67a2499a5e321944"
Updated link to CSRF docs

Refs #23866.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/23866#comment:15>
