encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-07-27 08:29:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

added setting and code to turn off extra CSRF checking for unsafe actions

Browse Source
This commit is contained in:
Rick Yazwinski 2013-01-17 15:56:16 -05:00
parent e429f702e0
commit d2e12c293b
1 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rest_framework/compat.py
View File

@ -290,6 +290,12 @@ else:
)
return self._reject(request, REASON_NO_CSRF_COOKIE)
if hasattr(settings, 'REST_FRAMEWORK_EXTRA_CSRF'):
extra_csrf = settings.REST_FRAMEWORK_EXTRA_CSRF
else:
extra_csrf = True
if extra_csrf:
# check non-cookie token for match
request_csrf_token = ""
if request.method == "POST":