Fixed #28488 -- Reallowed error handlers to access CSRF tokens.

Regression in eef95ea96f.
2025-10-24 06:06:09 +00:00 · 2017-09-17 22:24:05 +02:00
parent 77f82c4bf1
commit c4c128d67c
5 changed files with 57 additions and 6 deletions
--- a/docs/releases/1.11.6.txt
+++ b/docs/releases/1.11.6.txt
@@ -14,3 +14,7 @@ Bugfixes

 * Fixed crash when using the name of a model's autogenerated primary key
  (``id``) in an ``Index``'s ``fields`` (:ticket:`28597`).
+
+* Fixed a regression in Django 1.9 where a custom view error handler such as
+  ``handler404`` that accesses ``csrf_token`` could cause CSRF verification
+  failures on other pages (:ticket:`28488`).