Ana Sayfa Keşfet Yardım
Giriş Yap
CityApper
/
django
şunun yansıması https://github.com/django/django
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Ağaç: 8cf4de206c
Dallar Biçim İmleri
django
/
django
/
views
/
decorators
/
csrf.py

csrf.py 2.0 KB
Geçmiş Ham

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. from functools import wraps
    2. 

  2. 

  3. from django.middleware.csrf import CsrfViewMiddleware, get_token
    4. 

  4. from django.utils.decorators import decorator_from_middleware
    5. 

  5. 

  6. csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
    7. 

  7. csrf_protect.__name__ = "csrf_protect"
    8. 

  8. csrf_protect.__doc__ = """
    9. 

  9. This decorator adds CSRF protection in exactly the same way as
    10. 

  10. CsrfViewMiddleware, but it can be used on a per view basis.  Using both, or
    11. 

  11. using the decorator multiple times, is harmless and efficient.
    12. 

  12. """
    13. 

  13. 

  14. 

  15. class _EnsureCsrfToken(CsrfViewMiddleware):
    16. 

  16.     # Behave like CsrfViewMiddleware but don't reject requests or log warnings.
    17. 

  17.     def _reject(self, request, reason):
    18. 

  18.         return None
    19. 

  19. 

  20. 

  21. requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken)
    22. 

  22. requires_csrf_token.__name__ = "requires_csrf_token"
    23. 

  23. requires_csrf_token.__doc__ = """
    24. 

  24. Use this decorator on views that need a correct csrf_token available to
    25. 

  25. RequestContext, but without the CSRF protection that csrf_protect
    26. 

  26. enforces.
    27. 

  27. """
    28. 

  28. 

  29. 

  30. class _EnsureCsrfCookie(CsrfViewMiddleware):
    31. 

  31.     def _reject(self, request, reason):
    32. 

  32.         return None
    33. 

  33. 

  34.     def process_view(self, request, callback, callback_args, callback_kwargs):
    35. 

  35.         retval = super().process_view(request, callback, callback_args, callback_kwargs)
    36. 

  36.         # Force process_response to send the cookie
    37. 

  37.         get_token(request)
    38. 

  38.         return retval
    39. 

  39. 

  40. 

  41. ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCookie)
    42. 

  42. ensure_csrf_cookie.__name__ = "ensure_csrf_cookie"
    43. 

  43. ensure_csrf_cookie.__doc__ = """
    44. 

  44. Use this decorator to ensure that a view sets a CSRF cookie, whether or not it
    45. 

  45. uses the csrf_token template tag, or the CsrfViewMiddleware is used.
    46. 

  46. """
    47. 

  47. 

  48. 

  49. def csrf_exempt(view_func):
    50. 

  50.     """Mark a view function as being exempt from the CSRF view protection."""
    51. 

  51.     # view_func.csrf_exempt = True would also work, but decorators are nicer
    52. 

  52.     # if they don't have side effects, so return a new function.
    53. 

  53.     @wraps(view_func)
    54. 

  54.     def wrapper_view(*args, **kwargs):
    55. 

  55.         return view_func(*args, **kwargs)
    56. 

  56. 

  57.     wrapper_view.csrf_exempt = True
    58. 

  58.     return wrapper_view
    59.