Intermittent 403s due to CSRF failure (Django 1.2.3)

I have a slightly crazy bug with the site and CSRF.

We run Django 1.2.3 and Python 2.6 on Ubuntu with Apache2 + mod_wsgi, and get end users who report 403 CSRF validation errors and a 403 as a result.

All our forms have csrf_token and, as far as I know, everything works well in local dev and on the stage (we are not yet in production)... except for one office (the client's, of course). In random cases, they will receive such a 403, but then they will be updated and it will disappear (so this is not HTML which does not have a token, etc.).

I am reflecting on the reasons and solutions, and it may be that this office has a crazy proxy cache, bad or poorly configured or something similar. I would appreciate some advice on what we can do in Django / Apache to work with top-level proxy servers (the client's office will most likely not change their settings), or on what else can lead to these CSRF failures.

BTW: it was a 1.2.3 project from scratch, not some version 1.1 update, and we use only the one standard / correct 1.2.3 CSRFMiddleware and manually added csrf_tokens, not CSRFResponseMiddleware to automatically enable csrf_token.

Also: this happened on two separate servers (dev server and intermediate server), which are located in different places. Common factors (theoretically) are the same Django / Apache / mod_wsgi setting, the same database and the same office that receives 403s (and cannot copy 403 in our own place).

+5
1 answer

Just an update, in case it helps anyone.

CSRF (http://johnmc.co/llum/disable-csrf-protection-for-django-1-2/). 403s, 500s POST / , , CSRF , , ( ).

, CSRF, , POST- --zapped--. ( , - )

+2
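
One way to narrow down which of the causes raised in the question is in play, as an added example that is not part of the original posts: a custom view wired in through Django's `CSRF_FAILURE_VIEW` setting (available since 1.2) that logs what the rejected request looked like. It assumes Django 1.2 semantics, where the form token must equal the `csrftoken` cookie value; the logger name, the category labels, the helper name and the module path in the comment are hypothetical.

```python
import logging

# settings.py (module path is hypothetical):
#   CSRF_FAILURE_VIEW = "myproject.csrf_diag.csrf_failure"

log = logging.getLogger("csrf.diagnostics")  # assumed logger name

# Headers intermediaries commonly add; their presence suggests a proxy in the path.
PROXY_HEADERS = ("HTTP_VIA", "HTTP_X_FORWARDED_FOR", "HTTP_FORWARDED")


def classify_csrf_failure(cookies, post, meta, cookie_name="csrftoken"):
    """Return (category, proxy_headers) for a rejected POST.

    Only presence and equality are examined; token values are never returned
    or logged, since they are secrets tied to the user's session.
    """
    cookie = cookies.get(cookie_name)
    token = post.get("csrfmiddlewaretoken")
    seen = dict((h, meta[h]) for h in PROXY_HEADERS if h in meta)
    if not cookie and not token:
        category = "no-cookie-no-token"
    elif not cookie:
        category = "cookie-missing"   # Set-Cookie never arrived or was not sent back
    elif not token:
        category = "token-missing"    # the form HTML lacked the hidden field
    elif cookie != token:
        category = "mismatch"         # form and cookie came from different responses
    else:
        category = "other"            # e.g. the Referer check on HTTPS requests
    return category, seen


def csrf_failure(request, reason=""):
    """Signature required by CSRF_FAILURE_VIEW: log diagnostics, then return 403."""
    from django.http import HttpResponseForbidden  # imported here so the helper runs without Django
    category, seen = classify_csrf_failure(request.COOKIES, request.POST, request.META)
    log.warning(
        "CSRF reject path=%s reason=%r category=%s ip=%s ua=%r proxy=%r",
        request.path, reason, category,
        request.META.get("REMOTE_ADDR"), request.META.get("HTTP_USER_AGENT"), seen,
    )
    return HttpResponseForbidden("CSRF verification failed.")
```

A run of `mismatch` or `cookie-missing` entries that all carry proxy headers and come from a single office's address range points at an intermediary serving stale form HTML or dropping cookies, rather than at the templates.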
