CSRF validation will only be applied to POST requests, so let's only load .RAW_CONTENT in those cases

This commit is contained in:
tom christie tom@tomchristie.com 2011-04-26 21:08:36 +01:00
parent da7d49a384
commit b508ca38d4


@ -80,14 +80,18 @@ class BasicAuthenticator(BaseAuthenticator):
class UserLoggedInAuthenticator(BaseAuthenticator):
"""Use Djagno's built-in request session for authentication."""
"""Use Django's built-in request session for authentication."""
def authenticate(self, request):
if getattr(request, 'user', None) and request.user.is_active:
# Temporarily request.POST with .RAW_CONTENT, so that we use our more generic request parsing
# If this is a POST request we enforce CSRF validation.
if request.method.upper() == 'POST':
# Temporarily replace request.POST with .RAW_CONTENT,
# so that we use our more generic request parsing
request._post = self.mixin.RAW_CONTENT
resp = CsrfViewMiddleware().process_view(request, None, (), {})
del(request._post)
if resp is None: # csrf passed
if resp is not None: # csrf failed
return None
return request.user
return None
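Review bot: The new gate `if request.method.upper() == 'POST':` in `authenticate` means session-authenticated PUT and DELETE requests (and any other non-POST unsafe method) return `request.user` without any CSRF check. For a REST API those are state-changing verbs, so I would gate on the safe methods instead: `if request.method.upper() not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):`. Whether `CsrfViewMiddleware.process_view` itself validates non-POST methods depends on the Django version in use, which is not visible here, so this should be confirmed with a test that sends a session-authenticated PUT without a token. Separately, `del(request._post)` is skipped if `process_view` raises; wrapping the call in `try:` / `finally: del request._post` would keep the temporary swap from leaking onto the request.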