Ask Your Question
1

CSRF token missing or incorrect

asked 2011-06-09 03:52:14 -0500

anonymous user

Anonymous

updated 2011-11-10 10:48:26 -0500

anonymous user

Anonymous

When I try to change the skin for Askbot, I get the following error:

Forbidden (403) 

CSRF verification failed. Request aborted.
Reason given for failure:
    CSRF token missing or incorrect.

This puts me in a catch 22 situation whereby I need to change the skin to fix the error, but without fixing the error I can't change the skin. Can anyone tell me how to get round this?

Edit: I'm using the default skin. I don't know which templates are used in the settings interface. I would prefer a solution that didn't involve editing the default skin templates as those changes would be harder to maintain.

edit retag flag offensive close delete

Comments

In the case you've set up your setting.py manually, please make sure yours is carefully "spliced" with the one in askbot/setup_templates/settings.py as there are important pieces for the askbot app. Evgeny ( 2011-06-10 12:29:32 -0500 )edit

4 Answers

Sort by ยป oldest newest most voted
0

answered 2011-06-09 12:19:46 -0500

Evgeny gravatar image

updated 2011-06-10 12:27:52 -0500

Do your templates have {% csrf_token %} inside each <form>? I'd add them right after the <form> opening tag.

The template tag inserts a hidden field with a token to prevent cross site scripting.

edit maybe you have something missing in the settings.py? Sorry, somehow I assumed you've customized the skin and lost the csrf_tokens.

You'd need:

  • 'django.core.context_processors.csrf' in TEMPLATE_CONTEXT_PROCESSORS
  • CSRF_COOKIE_NAME - some string
  • CSRF_COOKIE_DOMAIN - your domain name - like 'example.com'

If CSRF_COOKIE_DOMAIN does not match yours, you'll see that error.

edit flag offensive delete publish link more
1

answered 2011-07-10 23:11:31 -0500

zephyr gravatar image

I had this problem as well. I figured out a csrf token missed at file askbot/deps/livesettings/templates/livesettings/group_settings.html.

No sure whether it's a bug. I added a {% csrf_token %} after <form> tag at line 26. Then this issue solved.

edit flag offensive delete publish link more

Comments

cool, thanks. I've added this change to the repo code, will update on the pypi index this week as well. Evgeny ( 2011-07-11 01:17:37 -0500 )edit
Thank your for this wonderful project. I've integrate it into our project and it works very well. zephyr ( 2011-07-11 16:18:43 -0500 )edit
0

answered 2011-11-10 09:58:00 -0500

quesada gravatar image

This 'CSRF verification failed' is still present in the current default skin (Nov 21st 2011), master branch. It prevents the user to log into the admin console, to change the skin. Is there any other way to change the skin? The one this site uses (default in the packaged version of askbot) does work...

edit flag offensive delete publish link more

Comments

Hello, the CSRF verification failure is due to an error in the configuration, not a bug in the software. You just need to set the domain name correctly in the CSRF_COOKIE_DOMAIN setting.

Evgeny ( 2011-11-10 10:47:43 -0500 )edit
0

answered 2011-11-29 22:42:15 -0500

Roland gravatar image

No sure whether it's a bug. I added a {% csrf_token %} after <form> tag at line 26. Then this issue solved. google

edit flag offensive delete publish link more

Your answer

Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

Add answer

[hide preview]

Reliable Askbot Hosting

Create your Q&A site at askbot.com. Managed Askbot hosting at just $15/mo. Dedicated hosting, support contracts, consulting services.

create your Q&A site
30 days free trial

Question tools

Follow
1 follower

Stats

Asked: 2011-06-09 03:52:14 -0500

Seen: 1,359 times

Last updated: Nov 29 '11