mirror of
https://github.com/DarrenOfficial/dpaste.git
synced 2024-12-19 00:09:21 +11:00
Added csrf support. Closes issue #34.
This commit is contained in:
parent
9be3dea930
commit
130605a04c
4 changed files with 4 additions and 4 deletions
|
@ -1,3 +0,0 @@
|
|||
class DisableCSRF(object):
|
||||
def process_request(self, request):
|
||||
setattr(request, '_dont_enforce_csrf_checks', True)
|
|
@ -83,7 +83,7 @@ LOGIN_REDIRECT_URL = '/'
|
|||
#==============================================================================
|
||||
|
||||
MIDDLEWARE_CLASSES = (
|
||||
'dpaste.disable.DisableCSRF',
|
||||
'django.middleware.csrf.CsrfViewMiddleware',
|
||||
'django.middleware.common.CommonMiddleware',
|
||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||
|
|
|
@ -72,6 +72,7 @@
|
|||
</p>
|
||||
|
||||
<form method="POST" action="{% url "snippet_delete" %}">
|
||||
{% csrf_token %}
|
||||
<input name="snippet_id"> <input type="Submit" value="Submit"/>
|
||||
</form>
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@ from django.core.urlresolvers import reverse
|
|||
from django.db.models import Count
|
||||
from django.views.defaults import (page_not_found as django_page_not_found,
|
||||
server_error as django_server_error)
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
|
||||
from dpaste.forms import SnippetForm
|
||||
from dpaste.models import Snippet
|
||||
|
@ -265,6 +266,7 @@ FORMAT_MAPPING = {
|
|||
'json': _format_json,
|
||||
}
|
||||
|
||||
@csrf_exempt
|
||||
def snippet_api(request):
|
||||
content = request.POST.get('content', '').strip()
|
||||
lexer = request.POST.get('lexer', LEXER_DEFAULT).strip()
|
||||
|
|
Loading…
Reference in a new issue