diff options
| author | Tom Christie | 2014-09-03 18:49:34 +0100 |
|---|---|---|
| committer | Tom Christie | 2014-09-03 18:49:34 +0100 |
| commit | 840fe7b05c1f7312a254d6ce563d986adb4d1bc4 (patch) | |
| tree | b37ae7a509087a732ed51407d34914831e8d9b84 /rest_framework/views.py | |
| parent | 415b33b49f18b1e4ece3d18d26a3f4df09d5d2ad (diff) | |
| parent | fc9be55d436dbdd4a667d331348cfb5f421c4c91 (diff) | |
| download | django-rest-framework-840fe7b05c1f7312a254d6ce563d986adb4d1bc4.tar.bz2 | |
Merge pull request #1706 from pipermerriam/piper/use_decorator_mixin_class
Alter CSRF exemption implementation
Diffstat (limited to 'rest_framework/views.py')
| -rw-r--r-- | rest_framework/views.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/rest_framework/views.py b/rest_framework/views.py index 23df3443..38346ab7 100644 --- a/rest_framework/views.py +++ b/rest_framework/views.py @@ -103,7 +103,9 @@ class APIView(View): """ view = super(APIView, cls).as_view(**initkwargs) view.cls = cls - return view + # Note: session based authentication is explicitly CSRF validated, + # all other authentication is CSRF exempt. + return csrf_exempt(view) @property def allowed_methods(self): @@ -371,9 +373,9 @@ class APIView(View): response.exception = True return response - # Note: session based authentication is explicitly CSRF validated, - # all other authentication is CSRF exempt. - @csrf_exempt + # Note: Views are made CSRF exempt from within `as_view` as to prevent + # accidental removal of this exemption in cases where `dispatch` needs to + # be overridden. def dispatch(self, request, *args, **kwargs): """ `.dispatch()` is pretty much the same as Django's regular dispatch, |