Closed Bug 644148 Opened 13 years ago Closed 13 years ago

Hiding the welcome message fails due to CSRF protection

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: walkah, Assigned: walkah)

Details

James Walker [:walkah]

Assignee

Description

•

13 years ago

clicking the 'hide' button on the welcome broadcast message throws a 403 (via ajax) which is ignored.

This is due to the changed CSRF handling for AJAX in 1.2.5 - http://www.djangoproject.com/weblog/2011/feb/08/security/

Paul Osman [:paulosman]

Comment 1

•

13 years ago

Ah thanks for catching that. Wanna throw a @csrf_exempt decorator on the view that handles those requests and submit a pull request? :-)

James Walker [:walkah]

Assignee

Updated

•

13 years ago

Assignee: nobody → walkah

James Walker [:walkah]

Assignee

Comment 2

•

13 years ago

https://github.com/paulosman/batucada/pull/35 :)

James Walker [:walkah]

Assignee

Comment 3

•

13 years ago

This has been merged

Status: NEW → RESOLVED

Closed: 13 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

9 years ago

Product: Websites → Websites Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Hiding the welcome message fails due to CSRF protection

Categories

(Websites Graveyard :: drumbeat.org, defect)

Tracking

(Not tracked)

People

(Reporter: walkah, Assigned: walkah)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Comment 2

Comment 3

Updated