mirror of
				https://github.com/encode/django-rest-framework.git
				synced 2025-10-22 19:54:50 +03:00 
			
		
		
		
	Merge pull request #1706 from pipermerriam/piper/use_decorator_mixin_class
Alter CSRF exemption implementation
This commit is contained in:
		
						commit
						840fe7b05c
					
				|  | @ -103,7 +103,9 @@ class APIView(View): | |||
|         """ | ||||
|         view = super(APIView, cls).as_view(**initkwargs) | ||||
|         view.cls = cls | ||||
|         return view | ||||
|         # Note: session based authentication is explicitly CSRF validated, | ||||
|         # all other authentication is CSRF exempt. | ||||
|         return csrf_exempt(view) | ||||
| 
 | ||||
|     @property | ||||
|     def allowed_methods(self): | ||||
|  | @ -371,9 +373,9 @@ class APIView(View): | |||
|         response.exception = True | ||||
|         return response | ||||
| 
 | ||||
|     # Note: session based authentication is explicitly CSRF validated, | ||||
|     # all other authentication is CSRF exempt. | ||||
|     @csrf_exempt | ||||
|     # Note: Views are made CSRF exempt from within `as_view` as to prevent | ||||
|     # accidental removal of this exemption in cases where `dispatch` needs to | ||||
|     # be overridden. | ||||
|     def dispatch(self, request, *args, **kwargs): | ||||
|         """ | ||||
|         `.dispatch()` is pretty much the same as Django's regular dispatch, | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user