Make password reset endpoint CSRF exempt

This is necessary for mobile apps

Make password reset endpoint CSRF exempt
This is necessary for mobile apps
a2f86074 · Greg Price · e2fbc09d · a2f86074
Commit a2f86074 authored Oct 10, 2014 by Greg Price
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletions

common/djangoapps/student/views.py
+2 -1

No files found.
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -29,6 +29,7 @@ from django_future.csrf import ensure_csrf_cookie
 from django.utils.http import cookie_date, base36_to_int
 from django.utils.translation import ugettext as _, get_language
 from django.views.decorators.cache import never_cache
+from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST, require_GET

 from django.db.models.signals import post_save
@@ -1829,7 +1830,7 @@ def activate_account(request, key):
    return HttpResponse(_("Unknown error. Please e-mail us to let us know how it happened."))


-@ensure_csrf_cookie
+@csrf_exempt
 def password_reset(request):
    """ Attempts to send a password reset e-mail. """
    if request.method != "POST":