encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-06-13 10:03:20 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add csrf note

Browse Source
This commit is contained in:
Tom Christie 2012-09-25 12:27:46 +01:00
parent 921c5840aa
commit 4fb57d28e6
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/tutorial/1-serialization.md
View File

@ -159,9 +159,10 @@ Edit the `blog/views.py` file, and add the following.
from blog.models import Comment from blog.models import Comment
from blog.serializers import CommentSerializer from blog.serializers import CommentSerializer
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
from rest_framework.renderers import JSONRenderer from rest_framework.renderers import JSONRenderer
from rest_framework.parsers import JSONParser from rest_framework.parsers import JSONParser
from django.http import HttpResponse
class JSONResponse(HttpResponse): class JSONResponse(HttpResponse):
@ -177,6 +178,7 @@ Edit the `blog/views.py` file, and add the following.
The root of our API is going to be a view that supports listing all the existing comments, or creating a new comment. The root of our API is going to be a view that supports listing all the existing comments, or creating a new comment.
@csrf_exempt
def comment_root(request): def comment_root(request):
""" """
List all comments, or create a new comment. List all comments, or create a new comment.
@ -196,8 +198,11 @@ The root of our API is going to be a view that supports listing all the existing
else: else:
return JSONResponse(serializer.errors, status=400) return JSONResponse(serializer.errors, status=400)
Note that because we want to be able to POST to this view from clients that won't have a CSRF token we need to mark the view as `csrf_exempt`. This isn't something that you'd normally want to do, and REST framework views actually use more sensible behavior than this, but it'll do for our purposes right now.
We'll also need a view which corrosponds to an individual comment, and can be used to retrieve, update or delete the comment. We'll also need a view which corrosponds to an individual comment, and can be used to retrieve, update or delete the comment.
@csrf_exempt
def comment_instance(request, pk): def comment_instance(request, pk):
""" """
Retrieve, update or delete a comment instance. Retrieve, update or delete a comment instance.