<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=""> <head> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>django.views.decorators.csrf — Django 1.11.20 documentation</title> <link rel="stylesheet" href="../../../../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../../../../_static/pygments.css" type="text/css" /> <script type="text/javascript" id="documentation_options" data-url_root="../../../../" src="../../../../_static/documentation_options.js"></script> <script type="text/javascript" src="../../../../_static/jquery.js"></script> <script type="text/javascript" src="../../../../_static/underscore.js"></script> <script type="text/javascript" src="../../../../_static/doctools.js"></script> <script type="text/javascript" src="../../../../_static/language_data.js"></script> <link rel="index" title="Index" href="../../../../genindex.html" /> <link rel="search" title="Search" href="../../../../search.html" /> <script type="text/javascript" src="../../../../templatebuiltins.js"></script> <script type="text/javascript"> (function($) { if (!django_template_builtins) { // templatebuiltins.js missing, do nothing. return; } $(document).ready(function() { // Hyperlink Django template tags and filters var base = "../../../../ref/templates/builtins.html"; if (base == "#") { // Special case for builtins.html itself base = ""; } // Tags are keywords, class '.k' $("div.highlight\\-html\\+django span.k").each(function(i, elem) { var tagname = $(elem).text(); if ($.inArray(tagname, django_template_builtins.ttags) != -1) { var fragment = tagname.replace(/_/, '-'); $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>"); } }); // Filters are functions, class '.nf' $("div.highlight\\-html\\+django span.nf").each(function(i, elem) { var filtername = $(elem).text(); if ($.inArray(filtername, django_template_builtins.tfilters) != -1) { var fragment = filtername.replace(/_/, '-'); $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>"); } }); }); })(jQuery); </script> </head><body> <div class="document"> <div id="custom-doc" class="yui-t6"> <div id="hd"> <h1><a href="../../../../index.html">Django 1.11.20 documentation</a></h1> <div id="global-nav"> <a title="Home page" href="../../../../index.html">Home</a> | <a title="Table of contents" href="../../../../contents.html">Table of contents</a> | <a title="Global index" href="../../../../genindex.html">Index</a> | <a title="Module index" href="../../../../py-modindex.html">Modules</a> </div> <div class="nav"> <a href="../../../index.html" title="Module code" accesskey="U">up</a></div> </div> <div id="bd"> <div id="yui-main"> <div class="yui-b"> <div class="yui-g" id="_modules-django-views-decorators-csrf"> <h1>Source code for django.views.decorators.csrf</h1><div class="highlight"><pre> <span></span><span class="kn">from</span> <span class="nn">functools</span> <span class="k">import</span> <span class="n">wraps</span> <span class="kn">from</span> <span class="nn">django.middleware.csrf</span> <span class="k">import</span> <span class="n">CsrfViewMiddleware</span><span class="p">,</span> <span class="n">get_token</span> <span class="kn">from</span> <span class="nn">django.utils.decorators</span> <span class="k">import</span> <span class="n">available_attrs</span><span class="p">,</span> <span class="n">decorator_from_middleware</span> <span class="n">csrf_protect</span> <span class="o">=</span> <span class="n">decorator_from_middleware</span><span class="p">(</span><span class="n">CsrfViewMiddleware</span><span class="p">)</span> <span class="n">csrf_protect</span><span class="o">.</span><span class="vm">__name__</span> <span class="o">=</span> <span class="s2">"csrf_protect"</span> <span class="n">csrf_protect</span><span class="o">.</span><span class="vm">__doc__</span> <span class="o">=</span> <span class="s2">"""</span> <span class="s2">This decorator adds CSRF protection in exactly the same way as</span> <span class="s2">CsrfViewMiddleware, but it can be used on a per view basis. Using both, or</span> <span class="s2">using the decorator multiple times, is harmless and efficient.</span> <span class="s2">"""</span> <span class="k">class</span> <span class="nc">_EnsureCsrfToken</span><span class="p">(</span><span class="n">CsrfViewMiddleware</span><span class="p">):</span> <span class="c1"># We need this to behave just like the CsrfViewMiddleware, but not reject</span> <span class="c1"># requests or log warnings.</span> <span class="k">def</span> <span class="nf">_reject</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">reason</span><span class="p">):</span> <span class="k">return</span> <span class="kc">None</span> <span class="n">requires_csrf_token</span> <span class="o">=</span> <span class="n">decorator_from_middleware</span><span class="p">(</span><span class="n">_EnsureCsrfToken</span><span class="p">)</span> <span class="n">requires_csrf_token</span><span class="o">.</span><span class="vm">__name__</span> <span class="o">=</span> <span class="s1">'requires_csrf_token'</span> <span class="n">requires_csrf_token</span><span class="o">.</span><span class="vm">__doc__</span> <span class="o">=</span> <span class="s2">"""</span> <span class="s2">Use this decorator on views that need a correct csrf_token available to</span> <span class="s2">RequestContext, but without the CSRF protection that csrf_protect</span> <span class="s2">enforces.</span> <span class="s2">"""</span> <span class="k">class</span> <span class="nc">_EnsureCsrfCookie</span><span class="p">(</span><span class="n">CsrfViewMiddleware</span><span class="p">):</span> <span class="k">def</span> <span class="nf">_reject</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">reason</span><span class="p">):</span> <span class="k">return</span> <span class="kc">None</span> <span class="k">def</span> <span class="nf">process_view</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">callback</span><span class="p">,</span> <span class="n">callback_args</span><span class="p">,</span> <span class="n">callback_kwargs</span><span class="p">):</span> <span class="n">retval</span> <span class="o">=</span> <span class="nb">super</span><span class="p">(</span><span class="n">_EnsureCsrfCookie</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">process_view</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">callback</span><span class="p">,</span> <span class="n">callback_args</span><span class="p">,</span> <span class="n">callback_kwargs</span><span class="p">)</span> <span class="c1"># Forces process_response to send the cookie</span> <span class="n">get_token</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="k">return</span> <span class="n">retval</span> <span class="n">ensure_csrf_cookie</span> <span class="o">=</span> <span class="n">decorator_from_middleware</span><span class="p">(</span><span class="n">_EnsureCsrfCookie</span><span class="p">)</span> <span class="n">ensure_csrf_cookie</span><span class="o">.</span><span class="vm">__name__</span> <span class="o">=</span> <span class="s1">'ensure_csrf_cookie'</span> <span class="n">ensure_csrf_cookie</span><span class="o">.</span><span class="vm">__doc__</span> <span class="o">=</span> <span class="s2">"""</span> <span class="s2">Use this decorator to ensure that a view sets a CSRF cookie, whether or not it</span> <span class="s2">uses the csrf_token template tag, or the CsrfViewMiddleware is used.</span> <span class="s2">"""</span> <div class="viewcode-block" id="csrf_exempt"><a class="viewcode-back" href="../../../../ref/csrf.html#django.views.decorators.csrf.csrf_exempt">[docs]</a><span class="k">def</span> <span class="nf">csrf_exempt</span><span class="p">(</span><span class="n">view_func</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> Marks a view function as being exempt from the CSRF view protection.</span> <span class="sd"> """</span> <span class="c1"># We could just do view_func.csrf_exempt = True, but decorators</span> <span class="c1"># are nicer if they don't have side-effects, so we return a new</span> <span class="c1"># function.</span> <span class="k">def</span> <span class="nf">wrapped_view</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">return</span> <span class="n">view_func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="n">wrapped_view</span><span class="o">.</span><span class="n">csrf_exempt</span> <span class="o">=</span> <span class="kc">True</span> <span class="k">return</span> <span class="n">wraps</span><span class="p">(</span><span class="n">view_func</span><span class="p">,</span> <span class="n">assigned</span><span class="o">=</span><span class="n">available_attrs</span><span class="p">(</span><span class="n">view_func</span><span class="p">))(</span><span class="n">wrapped_view</span><span class="p">)</span></div> </pre></div> </div> </div> </div> <div class="yui-b" id="sidebar"> <div class="sphinxsidebar" role="navigation" aria-label="main navigation"> <div class="sphinxsidebarwrapper"> <div id="searchbox" style="display: none" role="search"> <h3>Quick search</h3> <div class="searchformwrapper"> <form class="search" action="../../../../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> </div> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <h3>Last update:</h3> <p class="topless">Feb 11, 2019</p> </div> </div> <div id="ft"> <div class="nav"> <a href="../../../index.html" title="Module code" accesskey="U">up</a></div> </div> </div> <div class="clearer"></div> </div> </body> </html>