Monday, April 2nd, 2012

Fixed CSRF Bug on my profile site

I finally noticed that there was a horrible bug on my profile website, iamkevin.ca. I never noticed the bug, as I normally log into the site before using it, so I naturally had a CSRF token. I ended up visiting the site without logging in first on a new machine, and noticed that the AJAX code was not loading... It was very strange, as I had never seen this bug before, but I am sure everyone who has ever visited my profile site has seen it, which is very unfortunate and definitely makes me look bad. I found out that it was a CSRF token issue, as the site never sets the cookie unless you visit the hidden log-in page, which of course nobody has access to but myself. So I was the only one in the world who was able to see the site working.

I merely modified the template which renders the page to add a csrf_token tag, and now it functions as it should. Now everyone should be able to see the site working as it was originally intended. I do apologize to those who saw it while it was in this broken state. Unfortunately, it was like this for months and months... What an awful situation. At least now I know that if I want to build a complete AJAX website in Django, the initial page needs to provide the CSRF token, or nothing will work for end-users, and only I will personally be able to see it work. Lesson learned.
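The failure described above can be reproduced with a small standard-library model. This is an added example, not code from the original post or from Django itself: the `Request` class, `handle` and the two page functions are hypothetical simplifications, and only the names `csrftoken`, `X-CSRFToken` and `csrfmiddlewaretoken` are Django's defaults.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


class Request:
    def __init__(self, method, cookies=None, headers=None):
        self.method = method
        self.cookies = dict(cookies or {})
        self.headers = dict(headers or {})
        self.token_used = False  # set when a template asks for the token

    def get_token(self):
        """What rendering the csrf_token tag triggers: fetch or mint the token."""
        self.token_used = True
        self.cookies.setdefault("csrftoken", secrets.token_urlsafe(32))
        return self.cookies["csrftoken"]


def handle(request, render):
    """Simplified middleware model: check unsafe methods, set the cookie lazily."""
    if request.method not in SAFE_METHODS:
        cookie = request.cookies.get("csrftoken", "")
        header = request.headers.get("X-CSRFToken", "")
        if not cookie or not hmac.compare_digest(cookie, header):
            return 403, {}
    render(request)
    # The cookie is only sent if something used the token during rendering.
    if request.token_used:
        return 200, {"csrftoken": request.cookies["csrftoken"]}
    return 200, {}


def page_without_tag(request):
    return "<div id='app'></div>"  # the broken template: token never requested


def page_with_tag(request):
    token = request.get_token()  # the fixed template: csrf_token tag rendered
    return "<input type='hidden' name='csrfmiddlewaretoken' value='%s'>" % token


def visit_then_ajax_post(render):
    """Anonymous visitor loads the page, then POSTs via AJAX with the cookies received."""
    _, jar = handle(Request("GET"), render)
    headers = {"X-CSRFToken": jar["csrftoken"]} if "csrftoken" in jar else {}
    status, _ = handle(Request("POST", cookies=jar, headers=headers), lambda r: "ok")
    return status, "csrftoken" in jar
```

A visitor who already holds the cookie from an earlier page (the log-in page in the post) passes the check either way, which is why the bug stayed invisible to the site's owner.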


Python Powered | © 2012-2014 Kevin Veroneau