Django CSRF cookie not set error if there is cookie value starting with square brackets '['

423 views Asked by At

I have a django site that is hosted on xyz.mysite.com. Parent site mysite.com which I do not own or control sets up a cookie with value [XX]v3|[XXX]. This causes my site to return the error CSRF cookie not set. This happened because django/middleware/csrf.py csrf_token value is set to none when the user tries to log in.

If I delete the square braces from the the cookie value set by mysite.com it works fine.

Any idea how to avoid this issue. I am using django 1.5.12 which I cannot upgrade.

1

There are 1 answers

0
Kunal Deo On BEST ANSWER

This is a python 2.7.9 bug. It is fixed in 2.7.10 https://hg.python.org/cpython/rev/2a7b0e145945