encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-10 00:21:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1706 from pipermerriam/piper/use_decorator_mixin_class

Browse Source 
Alter CSRF exemption implementation
This commit is contained in:
Tom Christie 2014-09-03 18:49:34 +01:00
commit 840fe7b05c
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
rest_framework/views.py
View File

@ -103,7 +103,9 @@ class APIView(View):
""" """
view = super(APIView, cls).as_view(**initkwargs) view = super(APIView, cls).as_view(**initkwargs)
view.cls = cls view.cls = cls
return view # Note: session based authentication is explicitly CSRF validated,
# all other authentication is CSRF exempt.
return csrf_exempt(view)
@property @property
def allowed_methods(self): def allowed_methods(self):
@ -371,9 +373,9 @@ class APIView(View):
response.exception = True response.exception = True
return response return response
# Note: session based authentication is explicitly CSRF validated, # Note: Views are made CSRF exempt from within `as_view` as to prevent
# all other authentication is CSRF exempt. # accidental removal of this exemption in cases where `dispatch` needs to
@csrf_exempt # be overridden.
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
""" """
`.dispatch()` is pretty much the same as Django's regular dispatch, `.dispatch()` is pretty much the same as Django's regular dispatch,