mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-12-01 05:54:01 +03:00
make CSRF check optional on POST requests
parent
7070fa298c
commit
46ec20be79
|
@ -82,6 +82,7 @@ class UserLoggedInAuthentication(BaseAuthentication):
|
||||||
"""
|
"""
|
||||||
Use Django's session framework for authentication.
|
Use Django's session framework for authentication.
|
||||||
"""
|
"""
|
||||||
|
check_csrf = True
|
||||||
|
|
||||||
def authenticate(self, request):
|
def authenticate(self, request):
|
||||||
"""
|
"""
|
||||||
|
@ -91,7 +92,7 @@ class UserLoggedInAuthentication(BaseAuthentication):
|
||||||
# TODO: Switch this back to request.POST, and let FormParser/MultiPartParser deal with the consequences.
|
# TODO: Switch this back to request.POST, and let FormParser/MultiPartParser deal with the consequences.
|
||||||
if getattr(request, 'user', None) and request.user.is_active:
|
if getattr(request, 'user', None) and request.user.is_active:
|
||||||
# If this is a POST request we enforce CSRF validation.
|
# If this is a POST request we enforce CSRF validation.
|
||||||
if request.method.upper() == 'POST':
|
if request.method.upper() == 'POST' and self.check_csrf:
|
||||||
# Temporarily replace request.POST with .DATA,
|
# Temporarily replace request.POST with .DATA,
|
||||||
# so that we use our more generic request parsing
|
# so that we use our more generic request parsing
|
||||||
request._post = self.view.DATA
|
request._post = self.view.DATA
|
||||||
|
|
|
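Review bot: The new `check_csrf = True` attribute is undocumented, and the comment above the changed condition (`# If this is a POST request we enforce CSRF validation.`) stops being accurate once a subclass sets the flag to False. This class authenticates from the session cookie, so with the flag off a cross-site POST made from a logged-in user's browser would be accepted as that user; the class docstring should state that the flag may only be disabled when CSRF is enforced elsewhere. I would add `# Enforce CSRF validation on session-authenticated POSTs; disable only if CSRF is handled elsewhere.` above the attribute and reword the inline comment to `# On POST, enforce CSRF validation unless check_csrf is disabled.` The condition also covers only POST, so other state-changing methods are presumably not CSRF-checked here either. The body of authenticate continues outside the hunk, so confirm that against the rest of it.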
@ -1,5 +1,6 @@
|
||||||
from djangorestframework.mixins import ListModelMixin, InstanceMixin
|
from djangorestframework.mixins import ListModelMixin, InstanceMixin
|
||||||
from django.conf.urls.defaults import patterns, url
|
from django.conf.urls.defaults import patterns, url
|
||||||
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
|
|
||||||
class DjangoRestFrameworkSite(object):
|
class DjangoRestFrameworkSite(object):
|
||||||
app_name = 'api'
|
app_name = 'api'
|
||||||
|
|
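Review bot: `csrf_exempt` is imported here but nothing in the visible lines of this section uses it, so as shown it is an unused import. If it is meant to wrap the views this site registers, Django's middleware check is skipped for them and CSRF protection rests entirely on the authentication class's `check_csrf` flag staying True. A comment next to the use, e.g. `# CSRF is enforced by the authentication class, not the middleware`, would make that dependency explicit. The class body continues outside the hunk.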