We have a small site that is just beginning to be exposed to the outside world. For the most part, it works very well, but we sometimes get 403 errors with the message “CSRF FAILURECSRF cookie not set” from one of the forms. The form definitely contains {% csrf_token %}, and our middleware looks like this:
MIDDLEWARE_CLASSES = (
'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)
The form works great for most people, but about once a day I get an email with a crash. The email contains the actual request, which is as follows (I deleted the rest of the POST data to hide my personal data, but left csrfmiddlewaretoken):
<WSGIRequest
path:/main/10/apply/,
GET:<QueryDict: {}>,
POST:<QueryDict: {u'csrfmiddlewaretoken': [u'IQQZvbVIggJm6Be6VinPHj8Qn3i3TdmG']}>,
COOKIES:{},
META:{'CONTENT_LENGTH': '111978',
'CONTENT_TYPE': 'multipart/form-data; boundary=----WebKitFormBoundaryLyo9BPXnAwKnt8ew',
'CSRF_COOKIE': 'XmSPWJZk2UwS4PNBXRmVlAaYDDdNaGqk',
CSRF_COOKIE csrfmiddlewaretoken, , , , , , . - .
, ? Django 1.4.1 CentOS, mod_wsgi apache.
: , , , COOKIES:{} , , , , cookie , CSRF_COOKIE META?
!
Brandon