Coverage for /var/srv/projects/api.amasfac.comuna18.com/tmp/venv/lib/python3.9/site-packages/django/views/decorators/csrf.py: 84%
27 statements
« prev ^ index » next coverage.py v6.4.4, created at 2023-07-17 14:22 -0600
« prev ^ index » next coverage.py v6.4.4, created at 2023-07-17 14:22 -0600
1from functools import wraps
3from django.middleware.csrf import CsrfViewMiddleware, get_token
4from django.utils.decorators import decorator_from_middleware
6csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
7csrf_protect.__name__ = "csrf_protect"
8csrf_protect.__doc__ = """
9This decorator adds CSRF protection in exactly the same way as
10CsrfViewMiddleware, but it can be used on a per view basis. Using both, or
11using the decorator multiple times, is harmless and efficient.
12"""
15class _EnsureCsrfToken(CsrfViewMiddleware):
16 # Behave like CsrfViewMiddleware but don't reject requests or log warnings.
17 def _reject(self, request, reason):
18 return None
21requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken)
22requires_csrf_token.__name__ = "requires_csrf_token"
23requires_csrf_token.__doc__ = """
24Use this decorator on views that need a correct csrf_token available to
25RequestContext, but without the CSRF protection that csrf_protect
26enforces.
27"""
30class _EnsureCsrfCookie(CsrfViewMiddleware):
31 def _reject(self, request, reason):
32 return None
34 def process_view(self, request, callback, callback_args, callback_kwargs):
35 retval = super().process_view(request, callback, callback_args, callback_kwargs)
36 # Force process_response to send the cookie
37 get_token(request)
38 return retval
41ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCookie)
42ensure_csrf_cookie.__name__ = "ensure_csrf_cookie"
43ensure_csrf_cookie.__doc__ = """
44Use this decorator to ensure that a view sets a CSRF cookie, whether or not it
45uses the csrf_token template tag, or the CsrfViewMiddleware is used.
46"""
49def csrf_exempt(view_func):
50 """Mark a view function as being exempt from the CSRF view protection."""
51 # view_func.csrf_exempt = True would also work, but decorators are nicer
52 # if they don't have side effects, so return a new function.
53 def wrapped_view(*args, **kwargs):
54 return view_func(*args, **kwargs)
56 wrapped_view.csrf_exempt = True
57 return wraps(view_func)(wrapped_view)