Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.

"""
URLs for the oembed application.
"""
from django.conf.urls.defaults import *

urlpatterns = patterns('oembed.views',
    url(r'^fetch/$', 'fetch_media', name='oembed-fetch_media'),
    url(r'^fetch_saved/$', 'fetch_saved_media', name='oembed-fetch_saved_media'),
)