Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default

On Wed, Nov 7, 2012 at 8:35 PM, Marti Raudsepp <marti@juffo.org> wrote:
> On Wed, Nov 7, 2012 at 9:11 PM, Magnus Hagander <magnus@hagander.net> wrote:
>>> "It all worked on my computer" ;)
>>
>> Really? Because the purging form doesn't work on my local machine...
>> Which does not go through varnish at any point, for example.
>
> Well I meant that half-jokingly.
>
> I don't have a complete development environment. When I navigate to
> that page, I get "ERROR: schema "pgq" does not exist".

Hmm. That was *supposed* to be handled by varnish_local.sql. But I see
now that it tries to actually look into the table that doesn't exist.
The actual form would work - it's just the listing of what's in the
queue right now that's now broken. That could just be rendered as a
completely empty listing in the case that there is no pgq installed -
that should be an easy fix.


> With that said, I can't see why these views/forms wouldn't work with
> CSRF. They're not doing cross-domain requests or anything. I will need
> to drill deeper.

Me either - it looked fine when reviewing the patch. Just not when
testing it (in production) :)

--Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/