Merge pull request #1706 from pipermerriam/piper/use_decorator_mixin_class

Alter CSRF exemption implementation

Merge pull request #1706 from pipermerriam/piper/use_decorator_mixin_class
Alter CSRF exemption implementation
840fe7b0 · Tom Christie · 415b33b4 · fc9be55d · 840fe7b0
Commit 840fe7b0 authored Sep 03, 2014 by Tom Christie
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

rest_framework/views.py
+6 -4

No files found.
--- a/rest_framework/views.py
+++ b/rest_framework/views.py
@@ -103,7 +103,9 @@ class APIView(View):
        """
        view = super(APIView, cls).as_view(**initkwargs)
        view.cls = cls
-        return view
+        # Note: session based authentication is explicitly CSRF validated,
+        # all other authentication is CSRF exempt.
+        return csrf_exempt(view)
    @property
    def allowed_methods(self):
@@ -371,9 +373,9 @@ class APIView(View):
        response.exception = True
        return response
-    # Note: session based authentication is explicitly CSRF validated,
+    # Note: Views are made CSRF exempt from within `as_view` as to prevent
-    # all other authentication is CSRF exempt.
+    # accidental removal of this exemption in cases where `dispatch` needs to
-    @csrf_exempt
+    # be overridden.
    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,