Python django.views.decorators.csrf.csrf_exempt() Examples

def fix_initial_order(self, initial_order):
        """
        "initial_order" is a list of (position, direction) tuples; for example:
            [[1, 'asc'], [5, 'desc']]

        Here, we also accept positions expressed as column names,
        and convert the to the corresponding numeric position.
        """
        values = []
        keys = list(self.column_index.keys())
        for position, direction in initial_order:
            if type(position) == str:
                position = keys.index(position)
            values.append([position, direction])
        return values

    #@method_decorator(csrf_exempt) 

def cached_api(*args, **kwargs):
    """
    Only works on API endpoints with csrf_exempt=True and public_jsonp=False.
    """
    def decorator(func):
        kwargs['request_gatekeeper'] = lambda request: not getattr(cached_view, 'never_cache', False)
        kwargs['response_gatekeeper'] = _response_gatekeeper

        def response_wrapper(ret):
            ret = loads(ret)
            ret['success'] = True
            ret = client_dumps(ret)
            return HttpResponse(ret, 'application/json')

        cache_func = cached_view(*args,
                                 cached_response_wrapper=response_wrapper,
                                 serializer=client_dumps,
                                 **kwargs)(func)
        cache_func.arg_spec = ArgSpec(func)

        return cache_func
    return decorator 

def provider_for_django(provider):
    def provider_view(request):
        def get_header(key, default):
            django_key = 'HTTP_%s' % key.upper().replace('-', '_')
            return request.META.get(django_key, default)
        method = request.method
        # Compatible with low version Django
        try:
            signed_data = request.raw_post_data
        except AttributeError:
            signed_data = request.body
        # if getattr(request, 'body', None):
        #     signed_data = request.body
        # else:
        #     signed_data = request.raw_post_data
        status_code, data = provider.get_response(
            method,
            signed_data,
            get_header,
        )
        return HttpResponse(data, status=status_code)
    return csrf_exempt(provider_view) 

def as_view(cls, **initkwargs):
        """
        Store the original class on the view function.
        This allows us to discover information about the view when we do URL
        reverse lookups.  Used for breadcrumb generation.
        """
        if isinstance(getattr(cls, 'queryset', None), models.query.QuerySet):
            def force_evaluation():
                raise RuntimeError(
                    'Do not evaluate the `.queryset` attribute directly, '
                    'as the result will be cached and reused between requests. '
                    'Use `.all()` or call `.get_queryset()` instead.'
                )
            cls.queryset._fetch_all = force_evaluation

        view = super(APIView, cls).as_view(**initkwargs)
        view.cls = cls
        view.initkwargs = initkwargs

        # Note: session based authentication is explicitly CSRF validated,
        # all other authentication is CSRF exempt.
        return csrf_exempt(view) 

def as_view(cls, **initkwargs):
        view = super(CSRFExemptMixin, cls).as_view(**initkwargs)
        return csrf_exempt(view) 

def as_view(cls, **init_kwargs):
        """
        Store the original class on the view function.

        This allows us to discover information about the view when we do URL
        reverse lookups.  Used for breadcrumb generation.
        """
        view = super(View, cls).as_view(**init_kwargs)
        view.cls = cls
        # Note: session based authentication is explicitly CSRF validated,
        # all other authentication is CSRF exempt.
        return csrf_exempt(view) 

def test_get_token_for_exempt_view(self):
        """
        get_token still works for a view decorated with 'csrf_exempt'.
        """
        req = self._get_GET_csrf_cookie_request()
        self.mw.process_request(req)
        self.mw.process_view(req, csrf_exempt(token_view), (), {})
        resp = token_view(req)
        self._check_token_present(resp) 

def test_process_request_csrf_cookie_no_token_exempt_view(self):
        """
        If a CSRF cookie is present and no token, but the csrf_exempt decorator
        has been applied to the view, the middleware lets it through
        """
        req = self._get_POST_csrf_cookie_request()
        self.mw.process_request(req)
        req2 = self.mw.process_view(req, csrf_exempt(post_form_view), (), {})
        self.assertIsNone(req2) 

def test_get_token_for_exempt_view(self):
        """
        get_token still works for a view decorated with 'csrf_exempt'.
        """
        req = self._get_GET_csrf_cookie_request()
        self.mw.process_request(req)
        self.mw.process_view(req, csrf_exempt(token_view), (), {})
        resp = token_view(req)
        self._check_token_present(resp) 

def test_process_request_csrf_cookie_no_token_exempt_view(self):
        """
        If a CSRF cookie is present and no token, but the csrf_exempt decorator
        has been applied to the view, the middleware lets it through
        """
        req = self._get_POST_csrf_cookie_request()
        self.mw.process_request(req)
        req2 = self.mw.process_view(req, csrf_exempt(post_form_view), (), {})
        self.assertIsNone(req2) 

def as_detail(self, *args, **kwargs):
        return csrf_exempt(super(DjangoResource, self).as_detail(*args, **kwargs)) 

def as_list(self, *args, **kwargs):
        return csrf_exempt(super(DjangoResource, self).as_list(*args, **kwargs)) 

def as_view(cls, **initkwargs):
        view = super(BaseRouteView, cls).as_view(**initkwargs)
        view.cls = cls
        view.initkwargs = initkwargs
        return csrf_exempt(view) 

def dispatch(self, *args, **kwargs):  # pylint: disable=arguments-differ
        """
        Request needs to be csrf_exempt to handle POST back from external payment processor.
        """
        return super(CheckoutErrorView, self).dispatch(*args, **kwargs) 

def dispatch(self, *args, **kwargs):  # pylint: disable=arguments-differ
        """
        Request needs to be csrf_exempt to handle POST back from external payment processor.
        """
        return super(CancelCheckoutView, self).dispatch(*args, **kwargs) 

def service_rpc(request, username, repository):
    """
        Responds to 'git-receive-pack' or 'git-upload-pack' requests
            for the given username and repository.
        Decorator 'csrf_exempt' is used because git POST requests does not provide csrf cookies and
            therefore validation cannot be done.
    """

    requested_repo = Repo(Repo.get_repository_location(username, repository))
    response = GitResponse(service=request.path_info.split('/')[-1], action=GIT_ACTION_RESULT,
                    repository=requested_repo, data=request.body)

    return response.get_http_service_rpc() 

def as_view(cls, *args, **kwargs):
        view = super(AuthenticatedGraphQLView, cls).as_view(*args, **kwargs)
        view = permission_classes((IsAuthenticated,))(view)
        view = authentication_classes(api_settings.DEFAULT_AUTHENTICATION_CLASSES)(view)
        view = throttle_classes(api_settings.DEFAULT_THROTTLE_CLASSES)(view)
        view = api_view(["GET", "POST"])(view)
        view = csrf_exempt(view)

        return view 

def as_view(cls, *args, **kwargs):
        view = super(ExtraGraphQLView, cls).as_view(*args, **kwargs)
        view = csrf_exempt(view)
        return view 

def as_view(cls, *args, **kwargs):
        return csrf_exempt(super().as_view(*args, **kwargs))