Added csrf support. Closes issue #34.

This commit is contained in:
Martin Mahner 2013-12-17 22:52:21 +01:00
parent 9be3dea930
commit 130605a04c
4 changed files with 4 additions and 4 deletions


@ -1,3 +0,0 @@
class DisableCSRF(object):
def process_request(self, request):
setattr(request, '_dont_enforce_csrf_checks', True)


@ -83,7 +83,7 @@ LOGIN_REDIRECT_URL = '/'
#============================================================================== #==============================================================================
MIDDLEWARE_CLASSES = ( MIDDLEWARE_CLASSES = (
'dpaste.disable.DisableCSRF', 'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
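Review bot: Enabling CsrfViewMiddleware here makes every non-exempt POST require a token, yet this commit adds `{% csrf_token %}` to only one template; any other POST form dpaste renders (the snippet creation form built from SnippetForm, imported in views, is not visible in this diff) should be checked, as it would otherwise start failing with 403 after this change. CsrfViewMiddleware is also listed before SessionMiddleware; that works for the cookie-based token, but Django's default settings put it after the session middleware, so consider moving `'django.middleware.csrf.CsrfViewMiddleware',` below `'django.contrib.sessions.middleware.SessionMiddleware',` to match. The hunk header counts 7 lines while 6 are shown, so one line of this hunk may be missing from the rendered page.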


@ -72,6 +72,7 @@
</p> </p>
<form method="POST" action="{% url "snippet_delete" %}"> <form method="POST" action="{% url "snippet_delete" %}">
{% csrf_token %}
<input name="snippet_id"> <input type="Submit" value="Submit"/> <input name="snippet_id"> <input type="Submit" value="Submit"/>
</form> </form>
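Review bot: `{% csrf_token %}` only emits the hidden input when the template is rendered with a request-aware context (a RequestContext / `render(request, ...)` with the csrf context processor enabled); rendered via a plain `render_to_response` the tag produces nothing, and this delete form would then be rejected with 403 by the newly enabled CsrfViewMiddleware. How this template is rendered is not visible here, so confirm that the view behind `snippet_delete` passes the request context. On the same form, `type="Submit"` is better written as the lowercase `type="submit"`, though that line is unchanged by this commit.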


@ -14,6 +14,7 @@ from django.core.urlresolvers import reverse
from django.db.models import Count from django.db.models import Count
from django.views.defaults import (page_not_found as django_page_not_found, from django.views.defaults import (page_not_found as django_page_not_found,
server_error as django_server_error) server_error as django_server_error)
from django.views.decorators.csrf import csrf_exempt
from dpaste.forms import SnippetForm from dpaste.forms import SnippetForm
from dpaste.models import Snippet from dpaste.models import Snippet
@ -265,6 +266,7 @@ FORMAT_MAPPING = {
'json': _format_json, 'json': _format_json,
} }
@csrf_exempt
def snippet_api(request): def snippet_api(request):
content = request.POST.get('content', '').strip() content = request.POST.get('content', '').strip()
lexer = request.POST.get('lexer', LEXER_DEFAULT).strip() lexer = request.POST.get('lexer', LEXER_DEFAULT).strip()
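Review bot: `@csrf_exempt` on snippet_api opts a view that creates data from `request.POST` out of the protection this commit introduces, and nothing in the hunk records why that is safe; add a comment stating the reason and the invariant it depends on, e.g. `# csrf_exempt: this endpoint serves non-browser clients (curl, scripts) that cannot obtain a token; it must therefore never read session or cookie state, or a cross-site form could act as the visitor.` The visible lines only read POST fields, so consider also stacking `@require_POST` (from `django.views.decorators.http`) beneath `@csrf_exempt` so a GET is rejected instead of proceeding with empty `content`. The body of snippet_api continues past the end of the hunk, so whether it touches the session or any authenticated state cannot be confirmed from here.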