Fix side effects with csrf token, add csrf_token to every post form + add ajax (see http://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request), remove django.middleware.csrf.CsrfViewMiddleware ?!
{% extends "site/layout/base_workspace.html" %}
{% load com %}
{% load i18n %}
{% block head %}
{% endblock %}
{% block content %}
<h1>{% blocktrans %}Activate your account{% endblocktrans %}</h1>
<form id="user_add" enctype="multipart/form-data" class="wizard-form" action="." method="post">{% csrf_token %}
<table class="wide_form">
<tbody>
{% with userform as form %}
{% include "site/macros/form_fields.html" %}
{% endwith %}
{% with pwform as form %}
{% include "site/macros/form_fields.html" %}
{% endwith %}
<tr>
<td style="vertical-align: top; width: 20%; text-align:right;">
</td>
<td>
<label></label>
<input name="save" type="submit" value="{% blocktrans %}Save{% endblocktrans %}"/>
</td>
</tr>
</tbody>
</table>
</form>
{% endblock %}