I get tons of false positives from the Django contrib CSRF middleware. Just from normal use of the site, there are many cases where the CSRF middleware just starts blocking requests as suspected fake attacks.
Does anyone have such problems? I use the Django SVN branch, so I have the latest version of CSRF middleware. How can I diagnose these problems?
Update: I see these false positives on my production and dev sites. They happen sporadically. My site uses subdomains, and there is another version of the developer / product, running on different servers, but separated by a subdomain. What triggers CSRF warnings? Is it when the dev cookie sender is sent to the production site? Can moving between subdomains for the same login cause problems?
Miken