#20908: csrf_exempt does not work with `__call__`
------------------------------+--------------------------------------
Reporter: akshar | Owner: nobody
Type: Bug | Status: closed
Component: contrib.csrf | Version: 1.5
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Changes (by mjtamlyn):
* status: new => closed
* needs_better_patch: => 0
* resolution: => invalid
* needs_tests: => 0
* needs_docs: => 0
Comment:
You may be able to work around this by decorating the class instead of the
call method. The code looks for an attribute on the "function" added by
the decorator which is not present when you add it to the method.
Alternatively, if you can use the built in class based views (which I
would strongly recommend to avoid state leak - this `__call__` approach is
potentially dangerous), then you can use the following approach:
{{{
class MyView(View):
@classonlymethod
def as_view(cls, **kwargs):
return csrf_exempt(super(MyView, cls).as_view(**kwargs)
}}}
It is possible documenting this approach (assuming it works) could be
helpful.
--
Ticket URL: <https://code.djangoproject.com/ticket/20908#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/064.38a27f1246267efc6878054bae2a257b%40djangoproject.com?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
