From 42847327d1277451ee7a61716f7b9f62f50ecbdc Mon Sep 17 00:00:00 2001 From: Florian Apolloner Date: Sun, 17 Sep 2017 22:24:05 +0200 Subject: [1.11.x] Fixed #28488 -- Reallowed error handlers to access CSRF tokens. Regression in eef95ea96faef0b7dbbe0c8092202b74f68a899b. Backport of c4c128d67c7dc2830631c6859a204c9d259f1fb1 from master --- docs/releases/1.11.6.txt | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs') diff --git a/docs/releases/1.11.6.txt b/docs/releases/1.11.6.txt index ff9d4385fe..222a9c9125 100644 --- a/docs/releases/1.11.6.txt +++ b/docs/releases/1.11.6.txt @@ -14,3 +14,7 @@ Bugfixes * Fixed crash when using the name of a model's autogenerated primary key (``id``) in an ``Index``'s ``fields`` (:ticket:`28597`). + +* Fixed a regression in Django 1.9 where a custom view error handler such as + ``handler404`` that accesses ``csrf_token`` could cause CSRF verification + failures on other pages (:ticket:`28488`). -- cgit v1.3