Discussion:
csrf issues with django-cms 2.1.1
Brendan Smith
2011-02-09 22:04:45 UTC
hey all,

I just tried to upgrade my staging server to django-cms 2.1.1 final. In
the process of installing it with pip, pip automatically installed Django
1.2.5. Now I am getting CSRF issues when trying to add a plugin with the
ajax add. I saw a post on django-cms.org that said this was an issue with
the release of Django 1.2.5, but all of my packages are up to date.
Anyone got any hints or clues?

thanks
brendan
--
Brendan Smith, IT Coordinator
National Priorities Project
http://nationalpriorities.org
http://costofwar.com
http://www.facebook.com/nationalpriorities
413 584 9556
--
You received this message because you are subscribed to the Google Groups "django-cms" group.
To post to this group, send email to django-cms-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
To unsubscribe from this group, send email to django-cms+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit this group at http://groups.google.com/group/django-cms?hl=en.
Jonas Obrist
2011-02-10 06:52:41 UTC
Did you also make sure you use the latest media files and templates?
Post by Brendan Smith
hey all,
i just tried to upgrade my staging server to django-cms 2.1.1 final. in
the process of installing it with pip, pip automatically installed django
1.2.5. now i am getting CSRF issues with trying to add a plugin with the
ajax add. I saw a post on django-cms.org that said this was an issue with
the release of django 1.2.5, but all of my packages are up to date.
anyone got any hints or clues?
thanks
brendan
--
Brendan Smith, IT Coordinator
National Priorities Project
http://nationalpriorities.org
http://costofwar.com
http://www.facebook.com/nationalpriorities
413 584 9556
Brendan Smith
2011-02-10 13:56:51 UTC
Ahhhh good point Jonas. I did forget to update my admin templates. I'll do that first thing when I get in the office this morning. Thanks for the insight.

Sent from my iPad
Post by Jonas Obrist
Did you also make sure you use the latest media files and templates?
Post by Brendan Smith
hey all,
i just tried to upgrade my staging server to django-cms 2.1.1 final. in
the process of installing it with pip, pip automatically installed django
1.2.5. now i am getting CSRF issues with trying to add a plugin with the
ajax add. I saw a post on django-cms.org that said this was an issue with
the release of django 1.2.5, but all of my packages are up to date.
anyone got any hints or clues?
thanks
brendan
--
Brendan Smith, IT Coordinator
National Priorities Project
http://nationalpriorities.org
http://costofwar.com
http://www.facebook.com/nationalpriorities
413 584 9556
Kevin Renskers
2011-02-10 14:38:37 UTC
Unless you override the admin templates in your own project, you don't have
to do anything, right? Nothing has changed for the normal templates? No new
required templatetags or anything?
Brendan Smith
2011-02-10 15:38:22 UTC
Jonas, you were right. I updated the templates and everything is running
smoothly again. I'll be upgrading my production server to 2.1.1 at some
point today. Thanks for your help.
Post by Kevin Renskers
Unless you override the admin templates in your own project, you don't have
to do anything right? Nothing has changed for the normal templates? No new
required templatetags or anything?
--
Brendan Smith, IT Specialist
National Priorities Project
http://www.nationalpriorities.org
http://www.costofwar.com
http://www.facebook.com/nationalpriorities
413 584 9556
podio
2011-02-10 15:15:08 UTC
New to Django and to Django-CMS, same problem.

* All media files were downloaded today, so they are the latest version
* Link like tutorial says:
MEDIA_ROOT = os.path.join(PROJECT_PATH, "media")
MEDIA_URL = "/media/"
ADMIN_MEDIA_PREFIX="/media/admin/"

I think there is some bug in the newer version; I also get a popup window
with:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://
www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="robots" content="NONE,NOARCHIVE">
<title>403 Forbidden</title>
<style type="text/css">
html * { padding:0; margin:0; }
body * { padding:10px 20px; }
body * * { padding:0; }
body { font:small sans-serif; background:#eee; }
body>div { border-bottom:1px solid #ddd; }
h1 { font-weight:normal; margin-bottom:.4em; }
h1 span { font-size:60%; color:#666; font-weight:normal; }
#info { background:#f6f6f6; }
#info ul { margin: 0.5em 4em; }
#info p, #summary p { padding-top:10px; }
#summary { background: #ffc; }
#explanation { background:#eee; border-bottom: 0px none; }
</style>
</head>
<body>
<div id="summary">
<h1>Forbidden <span>(403)</span></h1>
<p>CSRF verification failed. Request aborted.</p>

</div>

<div id="info">
<h2>Help</h2>

<p>Reason given for failure:</p>
<pre>
CSRF token missing or incorrect.
</pre>


<p>In general, this can occur when there is a genuine Cross Site
Request Forgery, or when
<a
href='http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-
contrib-csrf'>Django's
CSRF mechanism</a> has not been used correctly. For POST forms, you
need to
ensure:</p>

<ul>
<li>The view function uses <a
href='http://docs.djangoproject.com/en/dev/ref/templates/api/
#subclassing-context-requestcontext'><code>RequestContext</code></a>
for the template, instead of <code>Context</code>.</li>

<li>In the template, there is a <code>{% csrf_token
%}</code> template tag inside each POST form that
targets an internal URL.</li>

<li>If you are not using <code>CsrfViewMiddleware</code>, then you
must use
<code>csrf_protect</code> on any views that use the
<code>csrf_token</code>
template tag, as well as those that accept the POST data.</li>

</ul>

<p>You're seeing the help section of this page because you have
<code>DEBUG =
True</code> in your Django settings file. Change that to
<code>False</code>,
and only the initial error message will be displayed. </p>

<p>You can customize this page using the CSRF_FAILURE_VIEW setting.</
p>
</div>

</body>
</html>
Post by Brendan Smith
hey all,
i just tried to upgrade my staging server to django-cms 2.1.1 final.   in
the process of installing it with pip, pip automatically installed django
1.2.5.  now i am getting CSRF issues with trying to add a plugin with the
ajax add.    I saw a post on django-cms.org that said this was an issue with
the release of django 1.2.5, but all of my packages are up to date.
 anyone got any hints or clues?
thanks
brendan
--
Brendan Smith, IT Coordinator
National Priorities Project
http://nationalpriorities.org
http://costofwar.com
http://www.facebook.com/nationalpriorities
413 584 9556
Stefano Morandi
2011-02-11 09:05:04 UTC
Post by podio
New in Django and in Django - CMS same problem
* All media files are download today so are last version
MEDIA_ROOT = os.path.join(PROJECT_PATH, "media")
MEDIA_URL = "/media/"
ADMIN_MEDIA_PREFIX="/media/admin/"
I think some bug in the newer version, i also get a popup windows
Same problem here, but with django-trunk and django-cms 2.1.1
--
Stefano Morandi | stefano (at) iast (dot) it
Linux user #147418 | GPG key block:
FSFE fellow #1896 | http://www.nephila.it/pgp
Iacopo Spalletti
2011-02-11 10:46:22 UTC
Post by Stefano Morandi
Post by podio
New in Django and in Django - CMS same problem
* All media files are download today so are last version
MEDIA_ROOT = os.path.join(PROJECT_PATH, "media")
MEDIA_URL = "/media/"
ADMIN_MEDIA_PREFIX="/media/admin/"
I think some bug in the newer version, i also get a popup windows
Same problem here, but with django-trunk and django-cms 2.1.1
Confirmed on a clean django 1.2.5/django-cms 2.1.1 project
I can provide ssh access to the machine hosting the project
--
Regards
IS
Iacopo Spalletti

PGP key block: http://www.spalletti.it/pgp
o***@public.gmane.org
2011-02-14 21:07:49 UTC
Hi,
I think I also did everything right but I still have an error with
CSRF.

Moreover, in cms/page, when I want to copy a page, I have an error
when the browser tries to load this image /media/cms/img/admin/nav-bg.gif,
but I don't have an img folder.
Is it normal?

thanks
Post by Iacopo Spalletti
Post by Stefano Morandi
Post by podio
New in Django and in Django - CMS same problem
* All media files are download today so are last version
MEDIA_ROOT = os.path.join(PROJECT_PATH, "media")
MEDIA_URL = "/media/"
ADMIN_MEDIA_PREFIX="/media/admin/"
I think some bug in the newer version, i also get a popup windows
Same problem here, but with django-trunk and django-cms 2.1.1
Confirmed on a clean django 1.2.5/django-cms 2.1.1 project
I can provide ssh access to the machine hosting the project
--
Regards
IS
Iacopo Spalletti
PGP key block: http://www.spalletti.it/pgp
Jonas Obrist
2011-02-15 16:34:05 UTC
Could you guys please check if the issue still exists when using this
branch: https://github.com/divio/django-cms/tree/hotfix/2.1.2 ?

Thank you
Iacopo Spalletti
2011-02-16 09:38:08 UTC
Post by Jonas Obrist
Could you guys please check if the issue still exists when using this
branch: https://github.com/divio/django-cms/tree/hotfix/2.1.2 ?
Thank you
It's fixed for me, both in test project and "real" ones.
Thanks
--
Regards
IS
Iacopo Spalletti

PGP key block: http://www.spalletti.it/pgp
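
Background to the 403 in this thread: Django 1.2.5 stopped exempting AJAX requests from CSRF verification, so a scripted POST has to send the token itself in the `X-CSRFToken` header. The sketch below is an added example, not code from django-cms, its 2.1.2 hotfix or any poster; the function names are hypothetical and it assumes Django's default `csrftoken` cookie name.

```javascript
// Added example, not django-cms code. "csrftoken" and "X-CSRFToken" are
// Django's default cookie and header names; function names are hypothetical.

// Read one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Django's CSRF middleware does not check these methods.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True only if the target resolves to the page's own origin, so the token
// is never attached to a request bound for another site.
function sameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false;
  }
}

// Headers for an AJAX request made from pageUrl with the given cookies.
function csrfHeaders(method, url, pageUrl, cookieString) {
  const headers = { "X-Requested-With": "XMLHttpRequest" };
  if (csrfSafeMethod(method) || !sameOrigin(url, pageUrl)) return headers;
  const token = getCookie(cookieString, "csrftoken");
  if (token) headers["X-CSRFToken"] = token;
  return headers;
}

// Browser usage: a POST that carries the token from the page's cookie.
function postWithCsrf(url, body) {
  const xhr = new XMLHttpRequest();
  xhr.open("POST", url);
  const headers = csrfHeaders("POST", url, window.location.href, document.cookie);
  for (const name of Object.keys(headers)) xhr.setRequestHeader(name, headers[name]);
  xhr.send(body);
  return xhr;
}
```

If the cookie is absent the header is simply omitted and Django answers with the same "CSRF token missing or incorrect" page quoted above, which is the signal that the page issuing the request was rendered without the token.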