On Wed, Nov 7, 2012 at 9:28 PM, Marti Raudsepp <marti@juffo.org> wrote:
> It's clear now why CSRF didn't work on these pages: the csrf_token
> templatetag requires rendering the template with a RequestContext.
>
> I went through all code using render_to_response() without
> RequestContext/NavContext and made sure that they don't process POST
> data. I skimmed through the grep last time, but apparently I wasn't
> very attentive.
>
> I also permitted POST requests to /search/ again. These aren't sent by
> the site itself, but it was allowed before, maybe for a reason.
Looks reasonable - thanks, applied!
--Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/