🩹 use csrf_exempt decorator instead of CSRF_TRUSTED_ORIGINS

2025-06-18 17:00:30 +02:00 · 2025-06-18 17:00:30 +02:00 · 6f03a47129
parent 828b4096a3
commit 6f03a47129
1 changed files with 5 additions and 3 deletions
--- a/src/booking.py
+++ b/src/booking.py
@ -7,7 +7,7 @@ import markdown
 import requests
 import shortuuid
-from django.conf.global_settings import CSRF_TRUSTED_ORIGINS
+from django.views.decorators.csrf import csrf_exempt
 from django.core.validators import URLValidator
 from django.db import models
 from django.shortcuts import render, get_object_or_404
@ -40,8 +40,6 @@ app = Django(
    STATICFILES_DIRS=[
        BASE_DIR / "static",
    ],
    CSRF_TRUSTED_ORIGINS=[host for host in
                          os.getenv("DJANGO_ALLOWED_HOSTS", "").split(",")]
 )
 # Import ninja after nanodjango has been initialised to avoid this error:
@ -250,6 +248,7 @@ def get_version():
@api.get("/info")
@csrf_exempt
 def info(request):
    if request.user.is_anonymous:
        user = APIKey.objects.get(key=request.auth.key).user
@ -260,6 +259,7 @@ def info(request):
@api.post("/{calendar}/event", response={201: EventSchemaOut})
@csrf_exempt
 def create_event(request, calendar: str, event: EventSchemaIn):
    user = get_user(request)
    cal = get_object_or_404(Calendar, name=calendar)
@ -271,6 +271,7 @@ def create_event(request, calendar: str, event: EventSchemaIn):
@api.delete("/{calendar}/event/{event_id}", response={204: None})
@csrf_exempt
 def delete_event(request, calendar: str, event_id: str):
    user = get_user(request)
    cal = get_object_or_404(Calendar, name=calendar)
@ -286,6 +287,7 @@ app.route("api/", include=api.urls)
@app.route("/")
@csrf_exempt
 def home(request):
    return render(request, "index.html", {
        "content": get_markdown(),