how to turn off CSRF in django 1.2?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

how to turn off CSRF in django 1.2?

Alan-49
Hi there,

I developed in a system that uses django 1.2, but the server is still
django 1.0.2.

Upgrading for a moment is not possible. Unless someone knows a nice
simple alternative, in order to keep my web portal compatible between
1.0.2 and 1.2, I would like to switch off CSRF on my developing
computer.

How can I do this simply and easily?

Many thanks,

Alan

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Reply | Threaded
Open this post in threaded view
|

Re: how to turn off CSRF in django 1.2?

Sven Bröckling
Hi Alan,

> I developed in a system that uses django 1.2, but the server is still
> django 1.0.2.
> Upgrading for a moment is not possible. Unless someone knows a nice
> simple alternative, in order to keep my web portal compatible between
> 1.0.2 and 1.2, I would like to switch off CSRF on my developing
> computer.
> How can I do this simply and easily?
I have one project which has several issues with django 1.2, and so i
use 1.1 for that, 1.2 for other projects.

I have two versions of Django in my home dir, both svn checkouts. I need
only one version at a time, so i wrote two quick and dirty shell aliases
to switch the django version.

[sven@troy sven] which django1.1
django1.1: aliased to sudo rm -f
/usr/lib/python2.6/dist-packages/django; sudo ln -s
/home/sven/projects/programming/python/django/django-1.1/django
/usr/lib/python2.6/dist-packages/

[sven@troy sven] which django1.2
django1.2: aliased to sudo rm -f
/usr/lib/python2.6/dist-packages/django; sudo ln -s
/home/sven/projects/programming/python/django/django-trunk/django
/usr/lib/python2.6/dist-packages/

Sven

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Reply | Threaded
Open this post in threaded view
|

Re: how to turn off CSRF in django 1.2?

Mathieu Leduc-Hamel-2
If I was you,

I would not install django directly on the system. It's not generally
a good practice.

The best thing you might do is to use of these two methods:

1. virtualenv (http://tumblr.intranation.com/post/766290325/python-virtualenv-quickstart-django)

2. buildout (http://jacobian.org/writing/django-apps-with-buildout/)

As you wish these two methods worked pretty well, on my side i like
buildout cause it's easier to maintain.

On Thu, Aug 26, 2010 at 1:07 PM, Sven Bröckling <[hidden email]> wrote:

> Hi Alan,
>
>> I developed in a system that uses django 1.2, but the server is still
>> django 1.0.2.
>> Upgrading for a moment is not possible. Unless someone knows a nice
>> simple alternative, in order to keep my web portal compatible between
>> 1.0.2 and 1.2, I would like to switch off CSRF on my developing
>> computer.
>> How can I do this simply and easily?
> I have one project which has several issues with django 1.2, and so i
> use 1.1 for that, 1.2 for other projects.
>
> I have two versions of Django in my home dir, both svn checkouts. I need
> only one version at a time, so i wrote two quick and dirty shell aliases
> to switch the django version.
>
> [sven@troy sven] which django1.1
> django1.1: aliased to sudo rm -f
> /usr/lib/python2.6/dist-packages/django; sudo ln -s
> /home/sven/projects/programming/python/django/django-1.1/django
> /usr/lib/python2.6/dist-packages/
>
> [sven@troy sven] which django1.2
> django1.2: aliased to sudo rm -f
> /usr/lib/python2.6/dist-packages/django; sudo ln -s
> /home/sven/projects/programming/python/django/django-trunk/django
> /usr/lib/python2.6/dist-packages/
>
> Sven
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to [hidden email].
> To unsubscribe from this group, send email to [hidden email].
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>
>



--
Mathieu Leduc-Hamel

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Reply | Threaded
Open this post in threaded view
|

Re: how to turn off CSRF in django 1.2?

João Rodrigues
In reply to this post by Alan-49
go to your settings.py and comment out django.middleware.csrf.CsrfViewMiddleware in your MIDDLEWARE_CLASSES

On 26 August 2010 10:33, Alan <[hidden email]> wrote:
Hi there,

I developed in a system that uses django 1.2, but the server is still
django 1.0.2.

Upgrading for a moment is not possible. Unless someone knows a nice
simple alternative, in order to keep my web portal compatible between
1.0.2 and 1.2, I would like to switch off CSRF on my developing
computer.

How can I do this simply and easily?

Many thanks,

Alan

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Reply | Threaded
Open this post in threaded view
|

Re: how to turn off CSRF in django 1.2?

Alan-49
Thanks João, you got exactly what I need.


On 26 Aug, 15:54, João Rodrigues <[hidden email]> wrote:

> go to your settings.py and comment out
> django.middleware.csrf.CsrfViewMiddleware in your MIDDLEWARE_CLASSES
>
> On 26 August 2010 10:33, Alan <[hidden email]> wrote:
>
>
>
> > Hi there,
>
> > I developed in a system that uses django 1.2, but the server is still
> > django 1.0.2.
>
> > Upgrading for a moment is not possible. Unless someone knows a nice
> > simple alternative, in order to keep my web portal compatible between
> > 1.0.2 and 1.2, I would like to switch off CSRF on my developing
> > computer.
>
> > How can I do this simply and easily?
>
> > Many thanks,
>
> > Alan
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to [hidden email].
> > To unsubscribe from this group, send email to
> > [hidden email]<django-users%2Bunsubscribe@google groups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Reply | Threaded
Open this post in threaded view
|

Re: how to turn off CSRF in django 1.2?

Alan-49
In reply to this post by João Rodrigues
Ops, sorry, but I don't have this line
django.middleware.csrf.CsrfViewMiddleware, as I said, it's a project
done in 1.0.2. and I want it to run on my django 1.2 but without any
reference to Csrf, since the server where the portal is runs 1.0.2
yet.

On 26 Aug, 15:54, João Rodrigues <[hidden email]> wrote:

> go to your settings.py and comment out
> django.middleware.csrf.CsrfViewMiddleware in your MIDDLEWARE_CLASSES
>
> On 26 August 2010 10:33, Alan <[hidden email]> wrote:
>
>
>
> > Hi there,
>
> > I developed in a system that uses django 1.2, but the server is still
> > django 1.0.2.
>
> > Upgrading for a moment is not possible. Unless someone knows a nice
> > simple alternative, in order to keep my web portal compatible between
> > 1.0.2 and 1.2, I would like to switch off CSRF on my developing
> > computer.
>
> > How can I do this simply and easily?
>
> > Many thanks,
>
> > Alan
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to [hidden email].
> > To unsubscribe from this group, send email to
> > [hidden email]<django-users%2Bunsubscribe@google groups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Reply | Threaded
Open this post in threaded view
|

Re: how to turn off CSRF in django 1.2?

João Rodrigues
what about 'django.contrib.csrf.middleware.CsrfMiddleware' ?
http://docs.djangoproject.com/en/1.0/ref/contrib/csrf/#how-to-use-it

On 26 August 2010 16:33, Alan <[hidden email]> wrote:

>
> Ops, sorry, but I don't have this line
> django.middleware.csrf.CsrfViewMiddleware, as I said, it's a project
> done in 1.0.2. and I want it to run on my django 1.2 but without any
> reference to Csrf, since the server where the portal is runs 1.0.2
> yet.
>
> On 26 Aug, 15:54, João Rodrigues <[hidden email]> wrote:
> > go to your settings.py and comment out
> > django.middleware.csrf.CsrfViewMiddleware in your MIDDLEWARE_CLASSES
> >
> > On 26 August 2010 10:33, Alan <[hidden email]> wrote:
> >
> >
> >
> > > Hi there,
> >
> > > I developed in a system that uses django 1.2, but the server is still
> > > django 1.0.2.
> >
> > > Upgrading for a moment is not possible. Unless someone knows a nice
> > > simple alternative, in order to keep my web portal compatible between
> > > 1.0.2 and 1.2, I would like to switch off CSRF on my developing
> > > computer.
> >
> > > How can I do this simply and easily?
> >
> > > Many thanks,
> >
> > > Alan
> >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "Django users" group.
> > > To post to this group, send email to [hidden email].
> > > To unsubscribe from this group, send email to
> > > [hidden email]<django-users%2Bunsubscribe@google groups.com>
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/django-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to [hidden email].
> To unsubscribe from this group, send email to [hidden email].
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Reply | Threaded
Open this post in threaded view
|

Re: how to turn off CSRF in django 1.2?

Reinout van Rees
In reply to this post by Alan-49
On 08/26/2010 05:33 PM, Alan wrote:
> Ops, sorry, but I don't have this line
> django.middleware.csrf.CsrfViewMiddleware, as I said, it's a project
> done in 1.0.2. and I want it to run on my django 1.2 but without any
> reference to Csrf, since the server where the portal is runs 1.0.2
> yet.

You could also attempt it the other way around.

If I remember correctly, they added a "dummy" {% csrf %} tag to 1.1.x
that doesn't really do anything.  So a form that works with 1.2 also
works with 1.1 without throwing errors.

You could see if that's available/portable for 1.0, too.  Otherwise, a
template tag that hacks this is quick to make yourself, I'd guess.


Reinout

--
Reinout van Rees - [hidden email] - http://reinout.vanrees.org
Collega's gezocht!
Django/python vacature in Utrecht: http://tinyurl.com/35v34f9

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Reply | Threaded
Open this post in threaded view
|

Re: how to turn off CSRF in django 1.2?

Alan-49
In reply to this post by João Rodrigues
Thanks João, indeed, after reading the link, what I needed was to
*add* it. So now I have:

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.middleware.doc.XViewMiddleware',
    'django.contrib.csrf.middleware.CsrfMiddleware',
)

And everything seems to be working fine.

Alan

On 26 Aug, 17:50, João Rodrigues <[hidden email]> wrote:

> what about 'django.contrib.csrf.middleware.CsrfMiddleware' ?http://docs.djangoproject.com/en/1.0/ref/contrib/csrf/#how-to-use-it
>
> On 26 August 2010 16:33, Alan <[hidden email]> wrote:
>
>
>
>
>
> > Ops, sorry, but I don't have this line
> > django.middleware.csrf.CsrfViewMiddleware, as I said, it's a project
> > done in 1.0.2. and I want it to run on my django 1.2 but without any
> > reference to Csrf, since the server where the portal is runs 1.0.2
> > yet.
>
> > On 26 Aug, 15:54, João Rodrigues <[hidden email]> wrote:
> > > go to your settings.py and comment out
> > > django.middleware.csrf.CsrfViewMiddleware in your MIDDLEWARE_CLASSES
>
> > > On 26 August 2010 10:33, Alan <[hidden email]> wrote:
>
> > > > Hi there,
>
> > > > I developed in a system that uses django 1.2, but the server is still
> > > > django 1.0.2.
>
> > > > Upgrading for a moment is not possible. Unless someone knows a nice
> > > > simple alternative, in order to keep my web portal compatible between
> > > > 1.0.2 and 1.2, I would like to switch off CSRF on my developing
> > > > computer.
>
> > > > How can I do this simply and easily?
>
> > > > Many thanks,
>
> > > > Alan
>
> > > > --
> > > > You received this message because you are subscribed to the Google Groups
> > > > "Django users" group.
> > > > To post to this group, send email to [hidden email].
> > > > To unsubscribe from this group, send email to
> > > > [hidden email]<django-users%2Bunsubscribe@google groups.com>
> > > > .
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/django-users?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google Groups "Django users" group.
> > To post to this group, send email to [hidden email].
> > To unsubscribe from this group, send email to [hidden email].
> > For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.