encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-08-05 04:50:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge f284dd8c80 into 9c9525b130

Browse Source
This commit is contained in:
Reetesh Ranjan 2017-05-30 14:35:43 +00:00 committed by GitHub
commit 8dfdd946be
3 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rest_framework/authentication.py
View File

@ -125,6 +125,7 @@ class SessionAuthentication(BaseAuthentication):
if not user or not user.is_active: if not user or not user.is_active:
return None return None
if not request.csrf_exempt:
self.enforce_csrf(request) self.enforce_csrf(request)
# CSRF passed with authenticated user # CSRF passed with authenticated user

13
rest_framework/request.py
View File

@ -82,7 +82,8 @@ def clone_request(request, method):
parsers=request.parsers, parsers=request.parsers,
authenticators=request.authenticators, authenticators=request.authenticators,
negotiator=request.negotiator, negotiator=request.negotiator,
parser_context=request.parser_context) parser_context=request.parser_context,
csrf_exempt=request.csrf_exempt)
ret._data = request._data ret._data = request._data
ret._files = request._files ret._files = request._files
ret._full_data = request._full_data ret._full_data = request._full_data
@ -133,7 +134,7 @@ class Request(object):
""" """
def __init__(self, request, parsers=None, authenticators=None, def __init__(self, request, parsers=None, authenticators=None,
negotiator=None, parser_context=None): negotiator=None, parser_context=None, csrf_exempt=False):
self._request = request self._request = request
self.parsers = parsers or () self.parsers = parsers or ()
self.authenticators = authenticators or () self.authenticators = authenticators or ()
@ -144,6 +145,7 @@ class Request(object):
self._full_data = Empty self._full_data = Empty
self._content_type = Empty self._content_type = Empty
self._stream = Empty self._stream = Empty
self._csrf_exempt = csrf_exempt
if self.parser_context is None: if self.parser_context is None:
self.parser_context = {} self.parser_context = {}
@ -238,6 +240,13 @@ class Request(object):
self._authenticate() self._authenticate()
return self._authenticator return self._authenticator
@property
def csrf_exempt(self):
"""
Return the _csrf_exempt attribute
"""
return self._csrf_exempt
def _load_data_and_files(self): def _load_data_and_files(self):
""" """
Parses the request content into `self.data`. Parses the request content into `self.data`.

5
rest_framework/views.py
View File

@ -368,12 +368,15 @@ class APIView(View):
""" """
parser_context = self.get_parser_context(request) parser_context = self.get_parser_context(request)
csrf_exempt = getattr(self, 'csrf_exempt', False)
return Request( return Request(
request, request,
parsers=self.get_parsers(), parsers=self.get_parsers(),
authenticators=self.get_authenticators(), authenticators=self.get_authenticators(),
negotiator=self.get_content_negotiator(), negotiator=self.get_content_negotiator(),
parser_context=parser_context parser_context=parser_context,
csrf_exempt=csrf_exempt
) )
def initial(self, request, *args, **kwargs): def initial(self, request, *args, **kwargs):