From d572ff36013a684343b166d61bf260d2716815ad Mon Sep 17 00:00:00 2001 From: Klaas van Schelven Date: Wed, 9 Apr 2025 14:12:29 +0200 Subject: [PATCH] Fix warning on CSRF view When the CSRF view is rendered, no RequestContext is used. This means the token used for the logout link on the regular base.html won't work. > UserWarning: A {% csrf_token %} was used in a template, but the context did not > provide the value. This is usually caused by not using RequestContext. --- templates/403_csrf.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/403_csrf.html b/templates/403_csrf.html index 40d63a9..27f800e 100644 --- a/templates/403_csrf.html +++ b/templates/403_csrf.html @@ -1,4 +1,4 @@ -{% extends "base.html" %} +{% extends "bare_base.html" %} {% comment %} Note on security: the basic principle is "the more you expose, the more an attacker knows." In this case, I think it should be fine, because all we expose here is stuff about mismatched hosts, and: