From 6ecde113b6035d2066d66256d33d0c8281392d0b Mon Sep 17 00:00:00 2001
From: Martin Mahner
Date: Wed, 13 Sep 2017 09:35:47 +0200
Subject: [PATCH] Fixed CSRF check in API. Closes #94.
---
 dpaste/tests/test_api.py | 3 +--
 dpaste/urls/dpaste_api.py | 3 ++-
 dpaste/views.py | 1 -
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/dpaste/tests/test_api.py b/dpaste/tests/test_api.py
index a4b6f0e..38c4107 100644
--- a/dpaste/tests/test_api.py
+++ b/dpaste/tests/test_api.py
@@ -13,8 +13,7 @@ class SnippetAPITestCase(TestCase):
 def setUp(self):
 self.api_url = reverse('dpaste_api_create_snippet')
- self.client = Client()
-
+ self.client = Client(enforce_csrf_checks=True)
 def test_empty(self):
 """
diff --git a/dpaste/urls/dpaste_api.py b/dpaste/urls/dpaste_api.py
index 45ed101..91c125a 100644
--- a/dpaste/urls/dpaste_api.py
+++ b/dpaste/urls/dpaste_api.py
@@ -1,9 +1,10 @@
 from __future__ import unicode_literals
 from django.conf.urls import url
+from django.views.decorators.csrf import csrf_exempt
 from ..views import APIView
 urlpatterns = [
- url(r'^api/$', APIView.as_view(), name='dpaste_api_create_snippet'),
+ url(r'^api/$', csrf_exempt(APIView.as_view()), name='dpaste_api_create_snippet'),
 ]
diff --git a/dpaste/views.py b/dpaste/views.py
index ac30c6e..b0873be 100644
--- a/dpaste/views.py
+++ b/dpaste/views.py
@@ -291,7 +291,6 @@ class APIView(View):
 """
 API View
 """
- @method_decorator(csrf_exempt)
 def post(self, request, *args, **kwargs):
 content = request.POST.get('content', '').strip()
 lexer = request.POST.get('lexer', LEXER_DEFAULT).strip()
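Review bot: The CSRF exemption in `dpaste/urls/dpaste_api.py` now exists only in this URLconf entry, so `APIView` is exempt only when reached through this pattern, and nothing beside the line records why the exemption is intentional. I would add a comment above the `url(...)` line such as `# API clients post without a CSRF token; csrf_exempt has to wrap the view callable because the CSRF middleware checks the resolved callback, not post().` The exemption is only safe while `post` does not act on cookie or session state; the lines visible in the `dpaste/views.py` hunk read only `request.POST`, but the method body continues outside the patch, so that should be confirmed. If the supported Django versions allow it, `@method_decorator(csrf_exempt, name='dispatch')` on the class would keep the exemption with the view rather than with one route.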