make CSRF check optional on POST requests

Craig Blaszczyk 2011-07-26 12:58:03 +01:00
parent 7070fa298c
commit 46ec20be79
2 changed files with 3 additions and 1 deletions


@ -82,6 +82,7 @@ class UserLoggedInAuthentication(BaseAuthentication):
"""
Use Django's session framework for authentication.
"""
check_csrf = True
def authenticate(self, request):
"""
@ -91,7 +92,7 @@ class UserLoggedInAuthentication(BaseAuthentication):
# TODO: Switch this back to request.POST, and let FormParser/MultiPartParser deal with the consequences.
if getattr(request, 'user', None) and request.user.is_active:
# If this is a POST request we enforce CSRF validation.
if request.method.upper() == 'POST':
if request.method.upper() == 'POST' and self.check_csrf:
# Temporarily replace request.POST with .DATA,
# so that we use our more generic request parsing
request._post = self.view.DATA
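Review bot: The new `check_csrf` attribute has no comment or docstring, although setting it to `False` on a subclass skips the CSRF branch in `authenticate` for requests that are authenticated by the session cookie alone. A short comment above it would make the trade-off explicit, e.g. `# Disable only when CSRF is enforced elsewhere; session auth without it accepts cross-site POSTs.` The changed condition still tests only `request.method.upper() == 'POST'`, so as far as this hunk shows, PUT and DELETE never reach the check regardless of the flag; if that is unintended, the test could become `request.method.upper() not in ('GET', 'HEAD', 'OPTIONS')`. The body of `authenticate` continues outside the hunk.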


@ -1,5 +1,6 @@
from djangorestframework.mixins import ListModelMixin, InstanceMixin
from django.conf.urls.defaults import patterns, url
from django.views.decorators.csrf import csrf_exempt
class DjangoRestFrameworkSite(object):
app_name = 'api'
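Review bot: `csrf_exempt` is imported here but no other added line in this commit uses it, so it appears to be an unused import. The diffstat's three additions are accounted for by this import, `check_csrf = True` and the changed `if`. If the intent is to wrap the site's views with it later, say so in a comment, because that would presumably leave `UserLoggedInAuthentication.check_csrf` as the only CSRF enforcement for those views. Otherwise drop the line until it is needed.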