How to allow POST restful webservice calls with Django Piston and CSRF protection?_问答_开发者

How to allow POST restful webservice calls with Django Piston and CSRF protection?

开发者 https://www.devze.com 2023-03-29 09:04 出处：网络

I\'m new to django-piston and cannot get POST webservice calls开发者_如何学C to work due to Django\'s CSRF protection.How do I allow webservice calls to bypass the CSRF protection and still allow the

I'm new to django-piston and cannot get POST webservice calls开发者_如何学C to work due to Django's CSRF protection. How do I allow webservice calls to bypass the CSRF protection and still allow the rest of the webpages to keep them?

Found the solution: https://bitbucket.org/jespern/django-piston/issue/82/post-requests-fail-when-using-django-trunk, credit goes to Brian Zambrano.

I find it a bit annoying that this is two years old, a patch has been created and still not merged into the latest source.

To fix it apply the patch to your piston/resource.py file by adding self.csrf_exempt = getattr(self.handler, 'csrf_exempt', True) like below:

         self.handler = handler()
+        self.csrf_exempt = getattr(self.handler, 'csrf_exempt', True)

         if not authentication:
             self.authentication = NoAuthentication()

Why do you need to do that? CSRF is a simple domain check ... but if you really really need it, the answer is in the documentation: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#csrf-protection-should-be-disabled-for-just-a-few-views