mirror of
https://github.com/django/django.git
synced 2025-01-22 00:02:15 +00:00
Deprecated csrf_response_exempt and csrf_view_exempt decorators
With the removal of CsrfResponseMiddleware, csrf_response_exempt serves no purposes, and csrf_exempt and csrf_view_exempt perform the same function. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15956 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
1f5d684f14
commit
16f6acdb89
@ -1,3 +1,5 @@
|
|||||||
|
import warnings
|
||||||
|
|
||||||
from django.middleware.csrf import CsrfViewMiddleware
|
from django.middleware.csrf import CsrfViewMiddleware
|
||||||
from django.utils.decorators import decorator_from_middleware, available_attrs
|
from django.utils.decorators import decorator_from_middleware, available_attrs
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
@ -31,16 +33,23 @@ def csrf_response_exempt(view_func):
|
|||||||
Modifies a view function so that its response is exempt
|
Modifies a view function so that its response is exempt
|
||||||
from the post-processing of the CSRF middleware.
|
from the post-processing of the CSRF middleware.
|
||||||
"""
|
"""
|
||||||
def wrapped_view(*args, **kwargs):
|
warnings.warn("csrf_response_exempt is deprecated. It no longer performs a "
|
||||||
resp = view_func(*args, **kwargs)
|
"function, and calls to it can be removed.",
|
||||||
resp.csrf_exempt = True
|
PendingDeprecationWarning)
|
||||||
return resp
|
return view_func
|
||||||
return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
|
|
||||||
|
|
||||||
def csrf_view_exempt(view_func):
|
def csrf_view_exempt(view_func):
|
||||||
"""
|
"""
|
||||||
Marks a view function as being exempt from CSRF view protection.
|
Marks a view function as being exempt from CSRF view protection.
|
||||||
"""
|
"""
|
||||||
|
warnings.warn("csrf_view_exempt is deprecated. Use csrf_exempt instead.",
|
||||||
|
PendingDeprecationWarning)
|
||||||
|
return csrf_exempt(view_func)
|
||||||
|
|
||||||
|
def csrf_exempt(view_func):
|
||||||
|
"""
|
||||||
|
Marks a view function as being exempt from the CSRF view protection.
|
||||||
|
"""
|
||||||
# We could just do view_func.csrf_exempt = True, but decorators
|
# We could just do view_func.csrf_exempt = True, but decorators
|
||||||
# are nicer if they don't have side-effects, so we return a new
|
# are nicer if they don't have side-effects, so we return a new
|
||||||
# function.
|
# function.
|
||||||
@ -48,13 +57,3 @@ def csrf_view_exempt(view_func):
|
|||||||
return view_func(*args, **kwargs)
|
return view_func(*args, **kwargs)
|
||||||
wrapped_view.csrf_exempt = True
|
wrapped_view.csrf_exempt = True
|
||||||
return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
|
return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
|
||||||
|
|
||||||
def csrf_exempt(view_func):
|
|
||||||
"""
|
|
||||||
Marks a view function as being exempt from the CSRF checks
|
|
||||||
and post processing.
|
|
||||||
|
|
||||||
This is the same as using both the csrf_view_exempt and
|
|
||||||
csrf_response_exempt decorators.
|
|
||||||
"""
|
|
||||||
return csrf_response_exempt(csrf_view_exempt(view_func))
|
|
||||||
|
@ -179,6 +179,13 @@ their deprecation, as per the :ref:`Django deprecation policy
|
|||||||
have been deprecated since the 1.4 release. The native versions
|
have been deprecated since the 1.4 release. The native versions
|
||||||
should be used instead.
|
should be used instead.
|
||||||
|
|
||||||
|
* The :func:`~django.views.decorators.csrf.csrf_response_exempt` and
|
||||||
|
:func:`~django.views.decorators.csrf.csrf_view_exempt` decorators will
|
||||||
|
be removed. Since 1.4 ``csrf_response_exempt`` has been a no-op (it
|
||||||
|
returns the same function), and ``csrf_view_exempt`` has been a
|
||||||
|
synonym for ``django.views.decorators.csrf.csrf_exempt``, which should
|
||||||
|
be used to replace it.
|
||||||
|
|
||||||
* 2.0
|
* 2.0
|
||||||
* ``django.views.defaults.shortcut()``. This function has been moved
|
* ``django.views.defaults.shortcut()``. This function has been moved
|
||||||
to ``django.contrib.contenttypes.views.shortcut()`` as part of the
|
to ``django.contrib.contenttypes.views.shortcut()`` as part of the
|
||||||
|
@ -4,7 +4,7 @@ import warnings
|
|||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
from django.middleware.csrf import CsrfViewMiddleware
|
from django.middleware.csrf import CsrfViewMiddleware
|
||||||
from django.views.decorators.csrf import csrf_exempt, csrf_view_exempt, requires_csrf_token
|
from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
|
||||||
from django.core.context_processors import csrf
|
from django.core.context_processors import csrf
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.template import RequestContext, Template
|
from django.template import RequestContext, Template
|
||||||
@ -200,10 +200,10 @@ class CsrfViewMiddlewareTest(TestCase):
|
|||||||
|
|
||||||
def test_get_token_for_exempt_view(self):
|
def test_get_token_for_exempt_view(self):
|
||||||
"""
|
"""
|
||||||
Check that get_token still works for a view decorated with 'csrf_view_exempt'.
|
Check that get_token still works for a view decorated with 'csrf_exempt'.
|
||||||
"""
|
"""
|
||||||
req = self._get_GET_csrf_cookie_request()
|
req = self._get_GET_csrf_cookie_request()
|
||||||
CsrfViewMiddleware().process_view(req, csrf_view_exempt(token_view), (), {})
|
CsrfViewMiddleware().process_view(req, csrf_exempt(token_view), (), {})
|
||||||
resp = token_view(req)
|
resp = token_view(req)
|
||||||
self._check_token_present(resp)
|
self._check_token_present(resp)
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user