colovicam63900
/
Django
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11 Commits
1 Branch
Tree: 7bb3690afe
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7bb3690afe'
${ noResults }
Django/venv/lib/python3.7/site-packages/django/views/decorators/csrf.py

csrf.py 2.0KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 
  1. from functools import wraps

  2. 

  3. from django.middleware.csrf import CsrfViewMiddleware, get_token

  4. from django.utils.decorators import decorator_from_middleware

  5. 

  6. csrf_protect = decorator_from_middleware(CsrfViewMiddleware)

  7. csrf_protect.__name__ = "csrf_protect"

  8. csrf_protect.__doc__ = """

  9. This decorator adds CSRF protection in exactly the same way as

  10. CsrfViewMiddleware, but it can be used on a per view basis.  Using both, or

  11. using the decorator multiple times, is harmless and efficient.

  12. """

  13. 

  14. 

  15. class _EnsureCsrfToken(CsrfViewMiddleware):

  16.     # Behave like CsrfViewMiddleware but don't reject requests or log warnings.

  17.     def _reject(self, request, reason):

  18.         return None

  19. 

  20. 

  21. requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken)

  22. requires_csrf_token.__name__ = 'requires_csrf_token'

  23. requires_csrf_token.__doc__ = """

  24. Use this decorator on views that need a correct csrf_token available to

  25. RequestContext, but without the CSRF protection that csrf_protect

  26. enforces.

  27. """

  28. 

  29. 

  30. class _EnsureCsrfCookie(CsrfViewMiddleware):

  31.     def _reject(self, request, reason):

  32.         return None

  33. 

  34.     def process_view(self, request, callback, callback_args, callback_kwargs):

  35.         retval = super().process_view(request, callback, callback_args, callback_kwargs)

  36.         # Force process_response to send the cookie

  37.         get_token(request)

  38.         return retval

  39. 

  40. 

  41. ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCookie)

  42. ensure_csrf_cookie.__name__ = 'ensure_csrf_cookie'

  43. ensure_csrf_cookie.__doc__ = """

  44. Use this decorator to ensure that a view sets a CSRF cookie, whether or not it

  45. uses the csrf_token template tag, or the CsrfViewMiddleware is used.

  46. """

  47. 

  48. 

  49. def csrf_exempt(view_func):

  50.     """Mark a view function as being exempt from the CSRF view protection."""

  51.     # view_func.csrf_exempt = True would also work, but decorators are nicer

  52.     # if they don't have side effects, so return a new function.

  53.     def wrapped_view(*args, **kwargs):

  54.         return view_func(*args, **kwargs)

  55.     wrapped_view.csrf_exempt = True

  56.     return wraps(view_func)(wrapped_view)