Reverts to changeset 435, and just add {% csrf_token %} to template forgot_pw.html, since CSRF protection seems to be only here (surely because of django.contrib.auth.views).
/* http://www.hedgerwow.com/360/bugs/css-select-free.html */
.select-free {
position:absolute;
z-index:10;
cursor:pointer;
overflow:hidden;
width:33em;
}
.select-free iframe {
display:none;
display/**/:block;
position:absolute;
top:0;
left:0;
z-index:-1;
filter:mask();
width:3000px;
height:3000px
}