Fixed CSRF check in API. Closes #94.

Martin Mahner 2017-09-13 09:35:47 +02:00
parent cf61cc52d4
commit 6ecde113b6
3 changed files with 3 additions and 4 deletions


@ -13,8 +13,7 @@ class SnippetAPITestCase(TestCase):
def setUp(self): def setUp(self):
self.api_url = reverse('dpaste_api_create_snippet') self.api_url = reverse('dpaste_api_create_snippet')
self.client = Client() self.client = Client(enforce_csrf_checks=True)
def test_empty(self): def test_empty(self):
""" """


@ -1,9 +1,10 @@
from __future__ import unicode_literals from __future__ import unicode_literals
from django.conf.urls import url from django.conf.urls import url
from django.views.decorators.csrf import csrf_exempt
from ..views import APIView from ..views import APIView
urlpatterns = [ urlpatterns = [
url(r'^api/$', APIView.as_view(), name='dpaste_api_create_snippet'), url(r'^api/$', csrf_exempt(APIView.as_view()), name='dpaste_api_create_snippet'),
] ]
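Review bot: The CSRF exemption on the `url(r'^api/$', ...)` line now lives in the URLconf, away from `APIView`, and nothing in either place records why it is safe. Wrapping the result of `as_view()` is the form Django's CSRF middleware honours, so the fix works, but it exempts every HTTP method the view handles, and any other route added to `APIView` would be CSRF-checked again and fail the way #94 did. I would add a comment above the pattern, for example `# CSRF-exempt on purpose: API for non-browser clients; the view must never act on session or cookie state.`, since the visible part of `post` reads only POST fields and that property is what makes the exemption acceptable. If the supported Django versions allow it, `@method_decorator(csrf_exempt, name='dispatch')` on the class would keep the exemption next to the code it covers.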


@ -291,7 +291,6 @@ class APIView(View):
""" """
API View API View
""" """
@method_decorator(csrf_exempt)
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
content = request.POST.get('content', '').strip() content = request.POST.get('content', '').strip()
lexer = request.POST.get('lexer', LEXER_DEFAULT).strip() lexer = request.POST.get('lexer', LEXER_DEFAULT).strip()