StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
20691221
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2013-12-19T20:38:25.767
FavoriteCount
0
LastActivityDate
2013-12-19T20:38:25.767
LastEditDate
LastEditorUserId
0
OwnerUserId
540644
ParentId
20690051
PostTypeId
2
Score
6
ViewCount
0
LastEditorDisplayName
text
Body
If you do a GET request before POSTing to the password reset view, you get the CSRF token in a cookie, which you can then send in your POST request. If you insist on exempting the view: I think the problem lies in the way the CSRF protection is applied to the <code>password_reset</code> view. It is explicitly decorated by <code>csrf_protect</code>. To have a closer look at the problem, lets assume <code>original_password_reset_view</code> is <code>password_reset</code> without the <code>csrf_protect</code>. Basically, you are doing this: <pre><code>csrf_exempt(csrf_protect(original_password_reset_view)) # ^^ your code # ^^ the decorator in django.contrib.auth.views </code></pre> And adding in the effect of the <code>CsrfViewMiddleware</code>, we get the equivalent of <pre><code>csrf_protect(csrf_exempt(csrf_protect(original_password_reset_view))) </code></pre> <code>csrf_protect</code> is just a <a href="https://github.com/django/django/blob/master/django/views/decorators/csrf.py#L5" rel="noreferrer">middleware-turned-decorator</a> from <code>CsrfViewMiddleware</code>. <code>csrf_exempt</code> on the other hand <a href="https://github.com/django/django/blob/master/django/views/decorators/csrf.py#L58" rel="noreferrer">simply sets <code>csrf_exempt=True</code></a> on its argument. So the middleware, represented by the outer <code>csrf_protect</code>, sees the <code>csrf_exempt=True</code> value on the view and disables its CSRF projection. It negates the outer <code>csrf_protect</code>. So we have: <pre><code>csrf_protect(original_password_reset_view) </code></pre> The view is still protected. Basically, there is no sane way around. (An insane way: write a middleware that sets <code>request.csrf_processing_done = True</code> for that specific URL. Don't do that...)
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POcsrf_exempt not working with django auth
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USsk1p
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POcsrf_exempt not working with django auth
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId
1. COThanks for the explanation!
 singulars
 PostPostId
 PO
 UserUserId
 USkahlo

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.