Hello.

I came across a problem that I don't fully understand. I am trying to
implement a view where I want to turn CSRF protection off. My view is
implemented as a class-based view, e.g.:

from django.http import HttpResponseNotAllowed

class BaseHandler(object):
    """Base class to provide method lookup per HTTP method."""
    def __call__(self, request, **kwargs):
        self.request = request
        try:
            callback = getattr(self, "do_%s" % request.method)
        except AttributeError:
            # Slice off the "do_" prefix; str.lstrip() strips a set of
            # characters, not a prefix.
            allowed_methods = [m[len("do_"):] for m in dir(self)
                               if m.startswith("do_")]
            return HttpResponseNotAllowed(allowed_methods)
        return callback(**kwargs)

class SpecificHandler(BaseHandler):
    """Implement the HTTP methods."""
    def do_POST(self, **kwargs):
        pass

If I want to use @csrf_exempt on the class method 'do_POST', it
doesn't get recognised. It is only accepted if I wrap the whole class
inside the decorator, e.g.:

# This doesn't work
class SpecificHandler(BaseHandler):
    @csrf_exempt
    def do_POST(self, **kwargs):
        pass

# This works
@csrf_exempt
class SpecificHandler(BaseHandler):
    def do_POST(self, **kwargs):
        pass

But I wonder if that is the right way to do it, because then all class
methods are excepted from the CSRF protection.

1) Why is the decorator not wrapping the class method (more a Python
question I guess)?
2) Is there any other way I could turn off the CSRF protection for
this single class method?

Any enlightenment is very much appreciated.

cheers
Christo
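
Added example, not part of the original post and not Django's own code: csrf_exempt only sets a csrf_exempt attribute on the callable it wraps, and CsrfViewMiddleware.process_view reads that attribute from the view callable it is given, which for the handlers above is the handler object, not do_POST. The decorator and the middleware check below are simplified stand-ins, per_method_skips_csrf is a hypothetical narrower check, and the example assumes the URLconf routes to a handler instance.

```python
from functools import wraps


def csrf_exempt(view_func):
    """Stand-in for Django's decorator: wrap the callable, flag the wrapper."""
    @wraps(view_func)
    def wrapped(*args, **kwargs):
        return view_func(*args, **kwargs)
    wrapped.csrf_exempt = True
    return wrapped


def middleware_skips_csrf(callback):
    """Stand-in for the check in CsrfViewMiddleware.process_view: only the
    flag on the view callable itself is consulted."""
    return getattr(callback, "csrf_exempt", False)


def per_method_skips_csrf(handler, http_method):
    """Hypothetical narrower check: read the flag on do_<METHOD> instead,
    so only the explicitly decorated method loses CSRF protection."""
    method = getattr(handler, "do_%s" % http_method, None)
    return getattr(method, "csrf_exempt", False)


class SpecificHandler(object):
    """Constructed handler mirroring the post: only do_POST is decorated."""
    @csrf_exempt
    def do_POST(self, **kwargs):
        return "posted"

    def do_PUT(self, **kwargs):
        return "put"


handler = SpecificHandler()  # assumed to be the object the URLconf routes to

if __name__ == "__main__":
    # The flag lives on the method, so the handler-level check never sees it.
    print("handler exempt:", middleware_skips_csrf(handler))
    print("do_POST exempt:", middleware_skips_csrf(handler.do_POST))
    # A per-method lookup keeps do_PUT protected while exempting do_POST.
    for name in ("POST", "PUT"):
        print(name, "exempt:", per_method_skips_csrf(handler, name))
```
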

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.