🩹 use csrf_exempt decorator instead of CSRF_TRUSTED_ORIGINS
This commit is contained in:
Marc Koch
parent
828b4096a3
commit
6f03a47129
GPG Key ID:
12406554CFB028B9
|
|
@ -7,7 +7,7 @@ import markdown
|
|||
|
||||
import requests
|
||||
import shortuuid
|
||||
from django.conf.global_settings import CSRF_TRUSTED_ORIGINS
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.core.validators import URLValidator
|
||||
from django.db import models
|
||||
from django.shortcuts import render, get_object_or_404
|
||||
|
|
@ -40,8 +40,6 @@ app = Django(
|
|||
STATICFILES_DIRS=[
|
||||
BASE_DIR / "static",
|
||||
],
|
||||
CSRF_TRUSTED_ORIGINS=[host for host in
|
||||
os.getenv("DJANGO_ALLOWED_HOSTS", "").split(",")]
|
||||
)
|
||||
|
||||
# Import ninja after nanodjango has been initialised to avoid this error:
|
||||
|
|
@ -250,6 +248,7 @@ def get_version():
|
|||
|
||||
|
||||
@api.get("/info")
|
||||
@csrf_exempt
|
||||
def info(request):
|
||||
if request.user.is_anonymous:
|
||||
user = APIKey.objects.get(key=request.auth.key).user
|
||||
|
|
@ -260,6 +259,7 @@ def info(request):
|
|||
|
||||
|
||||
@api.post("/{calendar}/event", response={201: EventSchemaOut})
|
||||
@csrf_exempt
|
||||
def create_event(request, calendar: str, event: EventSchemaIn):
|
||||
user = get_user(request)
|
||||
cal = get_object_or_404(Calendar, name=calendar)
|
||||
|
|
@ -271,6 +271,7 @@ def create_event(request, calendar: str, event: EventSchemaIn):
|
|||
|
||||
|
||||
@api.delete("/{calendar}/event/{event_id}", response={204: None})
|
||||
@csrf_exempt
|
||||
def delete_event(request, calendar: str, event_id: str):
|
||||
user = get_user(request)
|
||||
cal = get_object_or_404(Calendar, name=calendar)
|
||||
|
|
@ -286,6 +287,7 @@ app.route("api/", include=api.urls)
|
|||
|
||||
|
||||
@app.route("/")
|
||||
@csrf_exempt
|
||||
def home(request):
|
||||
return render(request, "index.html", {
|
||||
"content": get_markdown(),
|
||||
|
|
|
|||
Loading…
Reference in New Issue