Ticket #17732: django-csrf-missing-help-cookies-view.patch

django/middleware/csrf.py

@@ -176 +176 @@
                 # and possible for PUT/DELETE.
                 request_csrf_token = request.META.get('HTTP_X_CSRFTOKEN', '')
 
+            if not request.session.test_cookie_worked():
+                return self._reject(request, REASON_NO_CSRF_COOKIE)
+
             if not constant_time_compare(request_csrf_token, csrf_token):
                 logger.warning('Forbidden (%s): %s',
                                REASON_BAD_TOKEN, request.path,