Fixed CSRF check in API. Closes #94.

2024-11-15 16:12:51 +11:00 · 2017-09-13 09:35:47 +02:00 · 2017-09-13 09:35:47 +02:00 · 6ecde113b6
commit 6ecde113b6
parent cf61cc52d4
3 changed files with 3 additions and 4 deletions
--- a/dpaste/tests/test_api.py
+++ b/dpaste/tests/test_api.py
@ -13,8 +13,7 @@ class SnippetAPITestCase(TestCase):
    def setUp(self):
        self.api_url = reverse('dpaste_api_create_snippet')
-        self.client = Client()
+        self.client = Client(enforce_csrf_checks=True)
    def test_empty(self):
        """
--- a/dpaste/urls/dpaste_api.py
+++ b/dpaste/urls/dpaste_api.py
@ -1,9 +1,10 @@
 from __future__ import unicode_literals
 from django.conf.urls import url
 from django.views.decorators.csrf import csrf_exempt
 from ..views import APIView
 urlpatterns = [
-    url(r'^api/$', APIView.as_view(), name='dpaste_api_create_snippet'),
+    url(r'^api/$', csrf_exempt(APIView.as_view()), name='dpaste_api_create_snippet'),
 ]
--- a/dpaste/views.py
+++ b/dpaste/views.py
@ -291,7 +291,6 @@ class APIView(View):
    """
    API View
    """
    @method_decorator(csrf_exempt)
    def post(self, request, *args, **kwargs):
        content = request.POST.get('content', '').strip()
        lexer = request.POST.get('lexer', LEXER_DEFAULT).strip()