Django's comment system includes an anti-spam feature that prevents "replay attacks" based on a timestamp. What does that mean? The comment form generates a hidden input field containing the current timestamp:
<input type="hidden" name="timestamp" value="1249296113" />
If a user (most likely a spam bot) tries to submit this comment form value after 2 hours, the comment gets blocked and a CommentPostBadRequest is returned (which is basically an HTTP 400 error).
I think this is a useful behaviour but, unfortunately, it breaks with my site design. All weblog detail views are cached for a very long time (currently 7 days), and with them the comment form, so the generated timestamp is practically always expired.
Disabling the timestamp check
What I did is that I disabled the timestamp check completely. There is no setting for it and no setting to extend the validation period. So I simply abstracted the original CommentForm and overwrote the clean_timestamp method, which now always returns a timestamp without raising an error.
All these steps are well documented in Django's documentation: Customizing the comments framework. However, here is the code I used:
# my_comments_app.forms
from django.contrib.comments.forms import CommentForm


class ExtendedCommentForm(CommentForm):
    def clean_timestamp(self):
        # Skip the 2-hour age check: return the submitted value unchanged.
        return self.cleaned_data["timestamp"]


# my_comments_app.__init__
from django.contrib.comments.models import Comment
from my_comments_app.forms import ExtendedCommentForm


def get_model():
    return Comment


def get_form():
    return ExtendedCommentForm
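With the check disabled, a captured set of hidden form values stays valid indefinitely. The following added example (not code from this post or from Django) is a standalone model of a signed hidden timestamp whose acceptance window is widened to the 7-day cache lifetime plus the original 2 hours instead of being removed. The names `sign`, `render_hidden_fields` and `check_submission`, the key, and the clock-skew allowance are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"      # constructed stand-in for a site secret
CACHE_TTL = 7 * 24 * 60 * 60          # page cache lifetime from the post: 7 days
MAX_AGE = CACHE_TTL + 2 * 60 * 60     # cache lifetime plus the original 2 hours
MAX_SKEW = 5 * 60                     # assumed tolerance for clock skew


def sign(object_pk, timestamp):
    """HMAC that binds the timestamp to the commented object."""
    msg = f"{object_pk}:{timestamp}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def render_hidden_fields(object_pk, now=None):
    """Values embedded in the (possibly cached) comment form."""
    ts = int(time.time() if now is None else now)
    return {"object_pk": object_pk, "timestamp": str(ts),
            "security_hash": sign(object_pk, ts)}


def check_submission(fields, now=None):
    """Return (ok, reason) for a posted form; never raises on bad input."""
    now = time.time() if now is None else now
    try:
        ts = int(fields["timestamp"])
        expected = sign(fields["object_pk"], ts).encode()
        supplied = str(fields["security_hash"]).encode()
    except (KeyError, ValueError, TypeError):
        return False, "malformed"
    # Verify the signature first so an edited timestamp is rejected outright.
    if not hmac.compare_digest(expected, supplied):
        return False, "bad hash"
    if ts - now > MAX_SKEW:
        return False, "timestamp in the future"
    if now - ts > MAX_AGE:
        return False, "expired"
    return True, "ok"
```

In a form subclass like the one above, the same age comparison would live in clean_timestamp and raise a validation error instead of returning a tuple.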