我们从Python开源项目中,提取了以下17个代码示例,用于说明如何使用django.views.decorators.csrf.csrf_exempt()。
def service(func): """ Make sure this is the first/closest @wrapper on your service function Note that this decorator tags the original function with meta and new arguments. The real url-->fn() registeration happens in __init__.py autodiscover() because of @url. """ @csrf_exempt # setting wrapper.csrf_exempt = True, consulted by CsrfViewMiddleware def wrapper(req, *args, **kwargs): response = ExpressResponse() request = ExpressRequest(req) func(request, response, *args, **kwargs) # all service functions should have this signature. return response._res wrapper.__name__ = func.__name__ wrapper.__doc__ = func.__doc__ wrapper.__module__ = func.__module__ # base entrypoint wrapper._path = func.__name__ return wrapper # use only on a Django ORM Model cls
def as_view(cls, **initkwargs): """ Store the original class on the view function. This allows us to discover information about the view when we do URL reverse lookups. Used for breadcrumb generation. """ if isinstance(getattr(cls, 'queryset', None), models.query.QuerySet): def force_evaluation(): raise RuntimeError( 'Do not evaluate the `.queryset` attribute directly, ' 'as the result will be cached and reused between requests. ' 'Use `.all()` or call `.get_queryset()` instead.' ) cls.queryset._fetch_all = force_evaluation view = super(APIView, cls).as_view(**initkwargs) view.cls = cls view.initkwargs = initkwargs # Note: session based authentication is explicitly CSRF validated, # all other authentication is CSRF exempt. return csrf_exempt(view)
def as_view(cls, **initkwargs): """ Store the original class on the view function. This allows us to discover information about the view when we do URL reverse lookups. Used for breadcrumb generation. """ if isinstance(getattr(cls, 'queryset', None), models.query.QuerySet): def force_evaluation(): raise RuntimeError( 'Do not evaluate the `.queryset` attribute directly, ' 'as the result will be cached and reused between requests. ' 'Use `.all()` or call `.get_queryset()` instead.' ) cls.queryset._fetch_all = force_evaluation cls.queryset._result_iter = force_evaluation # Django <= 1.5 view = super(APIView, cls).as_view(**initkwargs) view.cls = cls # Note: session based authentication is explicitly CSRF validated, # all other authentication is CSRF exempt. return csrf_exempt(view)
def csrf(func): """ Ensures csrf token cookie or checkes it based on request method type. """ @wraps(func) def wrapper(req, *args, **kwargs): if req.method in ('GET', 'HEAD', 'OPTIONS', 'TRACE'): return (ensure_csrf_cookie(func))(req, *args, **kwargs) # Default cookie by CSRF_COOKIE_NAME in settings is 'csrftoken' # submit back in either req.form['csrfmiddlewaretoken'] or req['X-CSRFToken'] # the latter often used by Ajax and can be configured by CSRF_HEADER_NAME in settings else: func.csrf_exempt = False # reset csrf_exempt set by @csrf_exempt during @service return (csrf_protect(func))(req, *args, **kwargs) # Note that we don't use requires_csrf_token() here since it was for making the 'csrf_token' tag work in django templates. return wrapper
def _generateMountURLs(self, path, mapping, app=None): p = path @csrf_exempt # dispatcher (view) needs to be csrf exempted def dispatcher(req, *args, **kwargs): service = mapping.get(req.method, None) or mapping.get('*', None) if service: return service['src'](req, *args, **kwargs) else: return HttpResponseNotAllowed(mapping.keys()) # relative path if not p.startswith('/'): if app: p = '/'.join([app, p]) # add app name prefix in addition to 'path' # absolute path else: p = p[1:] # remove leading '/' # support reverse() in template for <a href=...> and <form action=...> reversable = mapping.get('*', None) or mapping.get('GET', None) or mapping.get('POST', None) return url(r'^{}$'.format(p), dispatcher, name='.'.join([reversable['src'].__module__, reversable['name']]) if reversable else None)
def as_view(cls, **initkwargs): view_mapping_kwargs = initkwargs.pop("view_mapping_kwargs", {}) view = super(EndpointSet, cls).as_view(**initkwargs) def view(request, *args, **kwargs): self = cls(**initkwargs) mapping = cls.view_mapping(**view_mapping_kwargs) for verb, method in mapping.items(): if hasattr(self, method): setattr(self, verb, getattr(self, method)) self.requested_method = mapping.get(request.method.lower()) self.args = args self.kwargs = kwargs self.request = request return self.dispatch(request, *args, **kwargs) functools.update_wrapper(view, cls, updated=()) functools.update_wrapper(view, cls.dispatch, assigned=()) return csrf_exempt(view)
def webhook(f): @csrf_exempt def new_f(request, *args, **kwargs): data = json.loads(request.body) or {} with Context.for_request(request, data) as context: return f(request, context, data, *args, **kwargs) return update_wrapper(new_f, f)
def dispatch(self, request, *args, **kwargs): return super(Sms, self).dispatch(request, *args, **kwargs) # @method_decorator(csrf_exempt) # here it doesn't work
def service_rpc(request, username, repository): """ Responds to 'git-receive-pack' or 'git-upload-pack' requests for the given username and repository. Decorator 'csrf_exempt' is used because git POST requests does not provide csrf cookies and therefore validation cannot be done. """ requested_repo = Repo(Repo.get_repository_location(username, repository)) response = GitResponse(service=request.path_info.split('/')[-1], action=GIT_ACTION_RESULT, repository=requested_repo, data=request.body) return response.get_http_service_rpc()
def as_view(cls, **init_kwargs): """ Store the original class on the view function. This allows us to discover information about the view when we do URL reverse lookups. Used for breadcrumb generation. """ view = super(View, cls).as_view(**init_kwargs) view.cls = cls # Note: session based authentication is explicitly CSRF validated, # all other authentication is CSRF exempt. return csrf_exempt(view)
def lock_tokens_csrf_exempt(view): return csrf_exempt(view) if API_CSRF_EXEMPT else view
def csrf_exempt(view_func): return view_func
def csrf_exempt(func): return func # Django 1.5 has moved this constant up one level.
def get_urls(self): cs_reply = csrf_exempt(CyberSourceReplyView.as_view()) review_notification = csrf_exempt(DecisionManagerNotificationView.as_view()) fingerprint = FingerprintRedirectView.as_view() urlpatterns = [ url(r'^cybersource-reply/$', cs_reply, name='cybersource-reply'), url(r'^decision-manager-review-notification/$', review_notification, name='cybersource-review-notification'), url(r'^fingerprint/(?P<url_type>.*)/$', fingerprint, name='cybersource-fingerprint-redirect'), ] return self.post_process_urls(urlpatterns)
def api_view(method): """Decorator that forces the view to require a valid API key in order to be processed. Calls to the view that do not have an appropriate key will return a 403 response. """ def f(request, *args, **kwargs): # Ensure that there is an appropriate key attached # to this request, and return a 401 otherwise. try: APIAuth.verify_request(request) except AuthenticationError as ex: return HttpResponse( content=json.dumps({ 'code': 403, 'error': unicode(ex).strip("'"), }), content_type='application/json', status=403, ) # Run the decorated method. try: response = method(request, *args, **kwargs) code = 200 # Sanity check: Did we get a tuple back? # This shorthand provides me an easy way to send back # a success response that is not a 200. if isinstance(response, tuple) and len(response) == 2: response, code = response return HttpResponse( json.dumps({ 'code': code, 'data': response, }, cls=JSONDatetimeEncoder), content_type='application/json', status=code, ) except Http404 as ex: msg = unicode(ex).strip("'") return HttpResponse( content=json.dumps({ 'code': 404, 'error': msg if msg else 'not found', }), content_type='application/json', status=404, ) f = csrf_exempt(f) return update_wrapper(f, method)
def as_view(cls, actions=None, **initkwargs): """ Because of the way class based views create a closure around the instantiated view, we need to totally reimplement `.as_view`, and slightly modify the view function that is created and returned. """ # The suffix initkwarg is reserved for identifying the viewset type # eg. 'List' or 'Instance'. cls.suffix = None # actions must not be empty if not actions: raise TypeError("The `actions` argument must be provided when " "calling `.as_view()` on a ViewSet. For example " "`.as_view({'get': 'list'})`") # sanitize keyword arguments for key in initkwargs: if key in cls.http_method_names: raise TypeError("You tried to pass in the %s method name as a " "keyword argument to %s(). Don't do that." % (key, cls.__name__)) if not hasattr(cls, key): raise TypeError("%s() received an invalid keyword %r" % ( cls.__name__, key)) def view(request, *args, **kwargs): self = cls(**initkwargs) # We also store the mapping of request methods to actions, # so that we can later set the action attribute. # eg. `self.action = 'list'` on an incoming GET request. self.action_map = actions # Bind methods to actions # This is the bit that's different to a standard view for method, action in actions.items(): handler = getattr(self, action) setattr(self, method, handler) if hasattr(self, 'get') and not hasattr(self, 'head'): self.head = self.get # And continue as usual return self.dispatch(request, *args, **kwargs) # take name and docstring from class update_wrapper(view, cls, updated=()) # and possible attributes set by decorators # like csrf_exempt from dispatch update_wrapper(view, cls.dispatch, assigned=()) # We need to set these on the view function, so that breadcrumb # generation can pick out these bits of information from a # resolved URL. view.cls = cls view.initkwargs = initkwargs view.suffix = initkwargs.get('suffix', None) view.actions = actions return csrf_exempt(view)
def as_view(cls, actions=None, **initkwargs): """ Because of the way class based views create a closure around the instantiated view, we need to totally reimplement `.as_view`, and slightly modify the view function that is created and returned. """ # The suffix initkwarg is reserved for identifying the viewset type # eg. 'List' or 'Instance'. cls.suffix = None # actions must not be empty if not actions: raise TypeError("The `actions` argument must be provided when " "calling `.as_view()` on a ViewSet. For example " "`.as_view({'get': 'list'})`") # sanitize keyword arguments for key in initkwargs: if key in cls.http_method_names: raise TypeError("You tried to pass in the %s method name as a " "keyword argument to %s(). Don't do that." % (key, cls.__name__)) if not hasattr(cls, key): raise TypeError("%s() received an invalid keyword %r" % ( cls.__name__, key)) def view(request, *args, **kwargs): self = cls(**initkwargs) # We also store the mapping of request methods to actions, # so that we can later set the action attribute. # eg. `self.action = 'list'` on an incoming GET request. self.action_map = actions # Bind methods to actions # This is the bit that's different to a standard view for method, action in actions.items(): handler = getattr(self, action) setattr(self, method, handler) # Patch this in as it's otherwise only present from 1.5 onwards if hasattr(self, 'get') and not hasattr(self, 'head'): self.head = self.get # And continue as usual return self.dispatch(request, *args, **kwargs) # take name and docstring from class update_wrapper(view, cls, updated=()) # and possible attributes set by decorators # like csrf_exempt from dispatch update_wrapper(view, cls.dispatch, assigned=()) # We need to set these on the view function, so that breadcrumb # generation can pick out these bits of information from a # resolved URL. view.cls = cls view.suffix = initkwargs.get('suffix', None) return csrf_exempt(view)
