Django CSRF issues with cookies disabled

Question

Django CSRF issues with cookies disabled

While testing the application that I wrote in Django, I found that every time I submit the form, I get an HTTP 403 Forbidden error. I know that the CSRF middleware checks the cookie with the CSRF token - but what should be my approach for a user who has cookies disabled?

Do I need to check if cookies are allowed in each of my submissions or is there a better approach?

Thanks in advance.

This question was about Django pre-1.2 - the solution is different if you have an older version installed.

+3

django csrf

Rubix Nov 28 '09 at 18:23

source share

4 answers

, : , , 403:

from django.http import HttpResponseForbidden
from django.conf import settings

from django.template import RequestContext
from django.shortcuts import render_to_response

class PermissionErrorMiddleware(object):
    def process_response(self, request, response):
        if isinstance(response, HttpResponseForbidden):
            return render_to_response('403.html', context_instance=RequestContext(request)) 

        return response

, , cookie ( ), 403 . " " 404 , .

+1

Rubix 06 . '09 11:35

cookie, , CSRF. , - , , , - .

0

Rasmus Kaj 28 . '09 18:59

source share

Have you tried passing csrf information as a hidden POST variable? In projects that I participated in, it is usually done with hidden input:

<input type="hidden" name="csrf" value="<?=$person->csrf?>" />

Sorry for the PHP code, I don’t remember how to do this in Django templates.

0

Igor Zinov'yev Dec 6 '09 at 10:29

source share

Josh Tauberer · Accepted Answer · 2011-03-07T18:02:05+0000

Django 1.2 403, CSRF_FAILURE_VIEW.

Django CSRF issues with cookies disabled

More articles: