Enabling CSRF Middleware breaks admin site about django-cms HOT 6 CLOSED

this will be fixed when django 1.1 lands

from django-cms.

from http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#upgrading-notes

"Note that contrib apps, such as the admin, have been updated to use the csrf_protect decorator, so that they are secured even if you do not add the CsrfViewMiddleware to your settings. However, if you have supplied customised templates to any of the view functions of contrib apps (whether explicitly via a keyword argument, or by overriding built-in templates), you MUST update them to include the csrf_token template tag as described above, or they will stop working. (If you cannot update these templates for some reason, you will be forced to use CsrfResponseMiddleware for these views to continue working)."

from django-cms.

this is for django 1.2?

from django-cms.

yes, this is for 1.2, the current trunk version.

python -c "import django; print django.VERSION"
(1, 2, 0, 'alpha', 0)

from django-cms.

Note that CSRF middleware has been enabled by default from trunk revision 11660 onwards. (At this moment the latest revision is 11752.)

I had problems with CSRF middleware when trying to edit a django-cms page. I got an error which reads:
'PageAdmin' object has no attribute 'COOKIES'

I checked and there are no problems with revision 11659 of django. So, until this is fixed in django-cms people can use "svn update -r 11659" to revert their django source tree to the latest working revision.

from django-cms.

The fix for PageAdmin is to use the new django.utils.decorators.method_decorator when setting up reversion's create_on_success decorator. See:

http://code.djangoproject.com/ticket/12804

http://docs.djangoproject.com/en/dev/releases/1.2/#user-passes-test-login-required-and-permission-required

from django-cms.