Disable CSRF protection for Django 1.2
One of the major changes to Django 1.2 was the automatic switching-on of CSRF protection. I ran into some problems today, hitting the following error.
Forbidden (403) CSRF verification failed. Request aborted.
There were a couple of issues at play here. Firstly, I was using django.contrib.auth.views.login to log my users in. Even if you don’t have the CSRF middleware switched on, these views are protected. Secondly, users were logging in from a different, non-Django sub-domain, so generating Django-compatible CSRF tokens wasn’t really an option.
Thirdly, the Django site in question was a relatively small, internal, non-client-facing site.
With all that in mind, I took the decision to turn off Django’s CSRF protection. I had to dig a bit to find this information, so hopefully it helps someone else.
You probably shouldn’t do this: CSRF protection is a good thing!
Implementing the following as middleware will do the trick.
    class disableCSRF:
        def process_request(self, request):
            # Private flag that Django's CSRF middleware checks before enforcing.
            setattr(request, '_dont_enforce_csrf_checks', True)
            return None
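A narrower variant of the middleware above, as an added example that is not the author's code: it sets the same flag only for the login POST arriving from the other sub-domain and leaves every other request protected. The login path, the trusted host name, and the `FakeRequest` and `csrf_skipped` helpers are assumptions made for illustration.

```python
try:
    from urllib.parse import urlparse  # Python 3
except ImportError:
    from urlparse import urlparse  # Python 2, which Django 1.2 ran on

# Assumed values (not from the post): the login URL and the host of the
# non-Django sub-domain that submits the login form.
EXEMPT_PATHS = frozenset(["/accounts/login/"])
TRUSTED_REFERER_HOSTS = frozenset(["portal.example.com"])


class ScopedDisableCSRF(object):
    """Skip CSRF enforcement only for the cross-sub-domain login POST."""

    def process_request(self, request):
        if self.should_exempt(request):
            # Same private flag as the post's middleware, set selectively.
            request._dont_enforce_csrf_checks = True
        return None

    def should_exempt(self, request):
        if request.method != "POST" or request.path not in EXEMPT_PATHS:
            return False
        # Require an HTTPS Referer whose host matches exactly; a missing
        # header or a look-alike host keeps CSRF enforcement on.
        parsed = urlparse(request.META.get("HTTP_REFERER", ""))
        return (parsed.scheme == "https"
                and parsed.hostname in TRUSTED_REFERER_HOSTS)


class FakeRequest(object):
    """Constructed stand-in for Django's HttpRequest so this runs offline."""

    def __init__(self, method, path, referer=None):
        self.method = method
        self.path = path
        self.META = {"HTTP_REFERER": referer} if referer else {}


def csrf_skipped(method, path, referer=None):
    """Return True if the middleware would switch CSRF checks off."""
    request = FakeRequest(method, path, referer)
    ScopedDisableCSRF().process_request(request)
    return getattr(request, "_dont_enforce_csrf_checks", False)
```
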









Great !!
Hi john,
I also need to disable the CSRF protection of my django system. It is sitting behind a Proxy, which is the only source where requests will come from. I want to enable the mysite/admin login page to work behind this proxy.
It seems to me that your patch should do the trick. Or did I get something wrong?
I created a disable.py in my django system and added disable.disableCSRF to my MIDDLEWARE_CLASSES.
I tried it at the topmost position and at the bottom. Both had no effect. I commented out the CsrfViewMiddleware. With all these attempts I always get a CSRF error when I try to log on via the proxy at mysite/proxy
Thanks for your help in advance
Thank you! I was just testing the authentication locally and just couldn’t avoid the 403. You saved my homework, thanks a bunch.
Where do you put this in your Django file architecture? I’m doing the tutorial with the latest version of Django, and I’m running into a CSRF failure.
Thanks in advance