Hello. I came across a problem that I don't fully understand. I try to implement a view where I want to turn csrf protection off. My view is implemented as a class based view, eg:
class BaseHandler(object): """Base class to provide method lookup per HTTP method.""" def __call__(self, request, **kwargs): self.request = request try: callback = getattr(self, "do_%s" % request.method) except AttributeError: allowed_methods = [m.lstrip("do_") for m in dir(self) if m.startswith("do_")] return HttpResponseNotAllowed(allowed_methods) return callback(**kwargs) class SpecificHandler(BaseHandler): """Implement the HTTP methods.""" def do_POST(self, **kwargs): pass If I want to use the @csrf_exempt on the class method 'do_POST', it doesn't get recognised. It is only accepted if I wrap the whole class inside the decorator, eg: # This doesn't work class SpecificHandler(BaseHandler): @csrf_exempt def do_POST(self, **kwargs): pass # This works @csrf_exempt class SpecificHandler(BaseHandler): def do_POST(self, **kwargs): pass But I wonder if that is the right way to do because than all class methods are excepted from the csrf protection. 1) Why is the decorator not wrapping the class method (more a python question I guess)? 2) Is there any other way how I could turn off the csrf protection for this single class method? Any enlightenment is very much appreciated. cheers Christo -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.