Since we've got the csrf token present, we may as well check it for
requests.
We're using RequestContext already (via PatchworkRequestContext), so we
just need to switch it on in the settings, and add an exemption on the
xmlrpc interface.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
from django.shortcuts import render_to_response
from django.contrib.auth import authenticate
from patchwork.models import Patch, Project, Person, Bundle, State
+from django.views.decorators.csrf import csrf_exempt
import sys
import base64
dispatcher = PatchworkXMLRPCDispatcher()
# XMLRPC view function
+@csrf_exempt
def xmlrpc(request):
if request.method != 'POST':
return HttpResponseRedirect(
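Review bot: The `@csrf_exempt` on `xmlrpc` is only safe if the view never acts on the cookie-authenticated session user, and nothing at the decorator records that assumption. The `authenticate` and `base64` imports in this file suggest that callers are authenticated per request from an Authorization header, but the body of `xmlrpc` continues outside the hunk, so that is inferred. I would add a comment above the decorator, for example `# CSRF-exempt: XML-RPC callers authenticate per request; this view must never trust request.user from the session cookie`. It is also worth confirming that the dispatcher's write methods do not fall back to `request.user`, since SessionMiddleware and AuthenticationMiddleware are both enabled in the settings.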
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.middleware.doc.XViewMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
)
ROOT_URLCONF = 'apps.urls'
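Review bot: `'django.middleware.csrf.CsrfViewMiddleware'` is appended as the last entry, after `'django.middleware.doc.XViewMiddleware'`, so that middleware's view hook runs before the CSRF check. Django's guidance is to place the CSRF middleware before any view middleware that assumes CSRF has already been handled. The impact is probably small for the entries visible here, but I would move the new line above `'django.middleware.doc.XViewMiddleware',` so that later additions to the tuple inherit the right order. The start of the tuple is outside the hunk, so the earlier entries could not be checked. Separately, any POST form or script that is not rendered through the RequestContext path described in the commit message will start returning 403 once this is enabled, so the POST views are worth auditing before deploying.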