Proper from addresses, static view allows CSRF

dad70c5a · Piotr Mitros · 55c10212 · dad70c5a · dad70c5a
Commit dad70c5a authored Jan 13, 2012 by Piotr Mitros
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 4 deletions

settings.py
+2 -2

static_template_view/views.py
+7 -2

No files found.
--- a/settings.py
+++ b/settings.py
@@ -7,8 +7,8 @@ if not COURSEWARE_ENABLED:
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 SITE_NAME = "localhost:8000"
-DEFAULT_FROM_EMAIL = 'nobody@localhost'
+DEFAULT_FROM_EMAIL = 'registration@mitx.mit.edu'
-DEFAULT_FEEDBACK_EMAIL = 'nobody@localhost'
+DEFAULT_FEEDBACK_EMAIL = 'feedback@mitx.mit.edu'
 WIKI_REQUIRE_LOGIN_EDIT = True
 WIKI_REQUIRE_LOGIN_VIEW = True

--- a/static_template_view/views.py
+++ b/static_template_view/views.py
@@ -6,11 +6,16 @@
 from djangomako.shortcuts import render_to_response, render_to_string
 from django.shortcuts import redirect
-valid_templates=['index.html', 'staff.html', 'info.html', 'credits.html']
+from auth.views import csrf
+#valid_templates=['index.html', 'staff.html', 'info.html', 'credits.html']
+valid_templates=['mitx.html', 'index.html', 'courseinfo.html']
 def index(request, template): 
+    csrf_token = csrf(request)['csrf_token']
    if template in valid_templates:
-        return render_to_response(template,{})
+        return render_to_response(template,{'error' : '',
+                                            'csrf': csrf_token})
    else:
        return redirect('/')