#20908: csrf_exempt does not work with `__call__`
------------------------------+--------------------------------------
     Reporter:  akshar        |                    Owner:  nobody
         Type:  Bug           |                   Status:  closed
    Component:  contrib.csrf  |                  Version:  1.5
     Severity:  Normal        |               Resolution:  invalid
     Keywords:                |             Triage Stage:  Unreviewed
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+--------------------------------------
Changes (by mjtamlyn):

 * status:  new => closed
 * needs_better_patch:   => 0
 * resolution:   => invalid
 * needs_tests:   => 0
 * needs_docs:   => 0


Comment:

 You may be able to work around this by decorating the class instead of the
 call method. The code looks for an attribute on the "function" added by
 the decorator which is not present when you add it to the method.

 Alternatively, if you can use the built in class based views (which I
 would strongly recommend to avoid state leak - this `__call__` approach is
 potentially dangerous), then you can use the following approach:

 {{{
 class MyView(View):
     @classonlymethod
     def as_view(cls, **kwargs):
         return csrf_exempt(super(MyView, cls).as_view(**kwargs)
 }}}

 It is possible documenting this approach (assuming it works) could be
 helpful.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/20908#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.38a27f1246267efc6878054bae2a257b%40djangoproject.com?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to