From 16f6acdb89c42efaa99b81989a9fae01ff8e607d Mon Sep 17 00:00:00 2001 From: Luke Plant Date: Wed, 30 Mar 2011 17:35:41 +0000 Subject: [PATCH] Deprecated csrf_response_exempt and csrf_view_exempt decorators With the removal of CsrfResponseMiddleware, csrf_response_exempt serves no purposes, and csrf_exempt and csrf_view_exempt perform the same function. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15956 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/views/decorators/csrf.py | 29 +++++++++++------------ docs/internals/deprecation.txt | 7 ++++++ tests/regressiontests/csrf_tests/tests.py | 6 ++--- 3 files changed, 24 insertions(+), 18 deletions(-) diff --git a/django/views/decorators/csrf.py b/django/views/decorators/csrf.py index 19fa4f7218..c9fd82ceed 100644 --- a/django/views/decorators/csrf.py +++ b/django/views/decorators/csrf.py @@ -1,3 +1,5 @@ +import warnings + from django.middleware.csrf import CsrfViewMiddleware from django.utils.decorators import decorator_from_middleware, available_attrs from functools import wraps @@ -31,16 +33,23 @@ def csrf_response_exempt(view_func): Modifies a view function so that its response is exempt from the post-processing of the CSRF middleware. """ - def wrapped_view(*args, **kwargs): - resp = view_func(*args, **kwargs) - resp.csrf_exempt = True - return resp - return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view) + warnings.warn("csrf_response_exempt is deprecated. It no longer performs a " + "function, and calls to it can be removed.", + PendingDeprecationWarning) + return view_func def csrf_view_exempt(view_func): """ Marks a view function as being exempt from CSRF view protection. """ + warnings.warn("csrf_view_exempt is deprecated. Use csrf_exempt instead.", + PendingDeprecationWarning) + return csrf_exempt(view_func) + +def csrf_exempt(view_func): + """ + Marks a view function as being exempt from the CSRF view protection. + """ # We could just do view_func.csrf_exempt = True, but decorators # are nicer if they don't have side-effects, so we return a new # function. @@ -48,13 +57,3 @@ def csrf_view_exempt(view_func): return view_func(*args, **kwargs) wrapped_view.csrf_exempt = True return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view) - -def csrf_exempt(view_func): - """ - Marks a view function as being exempt from the CSRF checks - and post processing. - - This is the same as using both the csrf_view_exempt and - csrf_response_exempt decorators. - """ - return csrf_response_exempt(csrf_view_exempt(view_func)) diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index b1f0286384..730f21d699 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -179,6 +179,13 @@ their deprecation, as per the :ref:`Django deprecation policy have been deprecated since the 1.4 release. The native versions should be used instead. + * The :func:`~django.views.decorators.csrf.csrf_response_exempt` and + :func:`~django.views.decorators.csrf.csrf_view_exempt` decorators will + be removed. Since 1.4 ``csrf_response_exempt`` has been a no-op (it + returns the same function), and ``csrf_view_exempt`` has been a + synonym for ``django.views.decorators.csrf.csrf_exempt``, which should + be used to replace it. + * 2.0 * ``django.views.defaults.shortcut()``. This function has been moved to ``django.contrib.contenttypes.views.shortcut()`` as part of the diff --git a/tests/regressiontests/csrf_tests/tests.py b/tests/regressiontests/csrf_tests/tests.py index 37a10044c4..22cebcf547 100644 --- a/tests/regressiontests/csrf_tests/tests.py +++ b/tests/regressiontests/csrf_tests/tests.py @@ -4,7 +4,7 @@ import warnings from django.test import TestCase from django.http import HttpRequest, HttpResponse from django.middleware.csrf import CsrfViewMiddleware -from django.views.decorators.csrf import csrf_exempt, csrf_view_exempt, requires_csrf_token +from django.views.decorators.csrf import csrf_exempt, requires_csrf_token from django.core.context_processors import csrf from django.conf import settings from django.template import RequestContext, Template @@ -200,10 +200,10 @@ class CsrfViewMiddlewareTest(TestCase): def test_get_token_for_exempt_view(self): """ - Check that get_token still works for a view decorated with 'csrf_view_exempt'. + Check that get_token still works for a view decorated with 'csrf_exempt'. """ req = self._get_GET_csrf_cookie_request() - CsrfViewMiddleware().process_view(req, csrf_view_exempt(token_view), (), {}) + CsrfViewMiddleware().process_view(req, csrf_exempt(token_view), (), {}) resp = token_view(req) self._check_token_present(resp)