I spent hours upon hours today trying to figure out why the Django 1.2 CSRF system was not working for me. There are obviously a lot of struggles with existing Django installs in converting to 1.2 because of the CSRF protection, but none of my searches turned up a useful resolution for my particular problem. What I saw was the typical “CSRF verification failed” message but I’d installed the middleware and inserted the token and passed in RequestContext so it should have worked. Then I switched off my tornado server and tried it via Django’s built-in server and voila! It worked.

Django 1.2 works with the latest versions of Tornado (I’m now running 1.1) but if you have a very old version I suspect you may run into the same problem I did. Save yourself the headache and make sure tornado is up to date and you don’t have any old versions installed.