Reverts to changeset 435, and just add {% csrf_token %} to template forgot_pw.html, since CSRF protection seems to be only here (surely because of django.contrib.auth.views).
{% extends "site/layout/base.html" %}
{% load i18n %}
{% block content %}
<h1>404: {% blocktrans %}Page not found{% endblocktrans %}</h1>
{% blocktrans %}The requested page could not be found.{% endblocktrans %}
{% endblock %}