django1/django/views/decorators/csrf.py

from django.middleware.csrf import CsrfViewMiddleware
from django.utils.decorators import decorator_from_middleware, available_attrs

try:
    from functools import wraps
except ImportError:
    from django.utils.functional import wraps  # Python 2.3, 2.4 fallback.

csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
csrf_protect.__name__ = "csrf_protect"
csrf_protect.__doc__ = """
This decorator adds CSRF protection in exactly the same way as
CsrfViewMiddleware, but it can be used on a per view basis.  Using both, or
using the decorator multiple times, is harmless and efficient.
"""

def csrf_response_exempt(view_func):
    """
    Modifies a view function so that its response is exempt
    from the post-processing of the CSRF middleware.
    """
    def wrapped_view(*args, **kwargs):
        resp = view_func(*args, **kwargs)
        resp.csrf_exempt = True
        return resp
    return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)

def csrf_view_exempt(view_func):
    """
    Marks a view function as being exempt from CSRF view protection.
    """
    # We could just do view_func.csrf_exempt = True, but decorators
    # are nicer if they don't have side-effects, so we return a new
    # function.
    def wrapped_view(*args, **kwargs):
        return view_func(*args, **kwargs)
    wrapped_view.csrf_exempt = True
    return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)

def csrf_exempt(view_func):
    """
    Marks a view function as being exempt from the CSRF checks
    and post processing.

    This is the same as using both the csrf_view_exempt and
    csrf_response_exempt decorators.
    """
    return csrf_response_exempt(csrf_view_exempt(view_func))
Moved contrib.csrf.* to core code. There is stub code for backwards compatiblity with Django 1.1 imports. The documentation has been updated, but has been left in docs/contrib/csrf.txt for now, in order to avoid dead links to documentation on the website. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-10-27 08:36:34 +08:00			`from django.middleware.csrf import CsrfViewMiddleware`
Fixed #13093 -- Updated some decorators and the decorator_from_middleware function to allow callable classes to be decorated. Thanks to Brian Neal for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12762 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-03-12 21:06:13 +08:00			`from django.utils.decorators import decorator_from_middleware, available_attrs`

Moved contrib.csrf.* to core code. There is stub code for backwards compatiblity with Django 1.1 imports. The documentation has been updated, but has been left in docs/contrib/csrf.txt for now, in order to avoid dead links to documentation on the website. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-10-27 08:36:34 +08:00			`try:`
			`from functools import wraps`
			`except ImportError:`
			`from django.utils.functional import wraps # Python 2.3, 2.4 fallback.`

			`csrf_protect = decorator_from_middleware(CsrfViewMiddleware)`
			`csrf_protect.__name__ = "csrf_protect"`
			`csrf_protect.__doc__ = """`
			`This decorator adds CSRF protection in exactly the same way as`
			`CsrfViewMiddleware, but it can be used on a per view basis. Using both, or`
			`using the decorator multiple times, is harmless and efficient.`
			`"""`

			`def csrf_response_exempt(view_func):`
			`"""`
			`Modifies a view function so that its response is exempt`
			`from the post-processing of the CSRF middleware.`
			`"""`
			`def wrapped_view(args, *kwargs):`
			`resp = view_func(args, *kwargs)`
			`resp.csrf_exempt = True`
			`return resp`
Fixed #13093 -- Updated some decorators and the decorator_from_middleware function to allow callable classes to be decorated. Thanks to Brian Neal for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12762 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-03-12 21:06:13 +08:00			`return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)`
Moved contrib.csrf.* to core code. There is stub code for backwards compatiblity with Django 1.1 imports. The documentation has been updated, but has been left in docs/contrib/csrf.txt for now, in order to avoid dead links to documentation on the website. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-10-27 08:36:34 +08:00
			`def csrf_view_exempt(view_func):`
			`"""`
			`Marks a view function as being exempt from CSRF view protection.`
			`"""`
			`# We could just do view_func.csrf_exempt = True, but decorators`
			`# are nicer if they don't have side-effects, so we return a new`
			`# function.`
			`def wrapped_view(args, *kwargs):`
			`return view_func(args, *kwargs)`
			`wrapped_view.csrf_exempt = True`
Fixed #13093 -- Updated some decorators and the decorator_from_middleware function to allow callable classes to be decorated. Thanks to Brian Neal for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12762 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-03-12 21:06:13 +08:00			`return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)`
Moved contrib.csrf.* to core code. There is stub code for backwards compatiblity with Django 1.1 imports. The documentation has been updated, but has been left in docs/contrib/csrf.txt for now, in order to avoid dead links to documentation on the website. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-10-27 08:36:34 +08:00
			`def csrf_exempt(view_func):`
			`"""`
			`Marks a view function as being exempt from the CSRF checks`
			`and post processing.`

			`This is the same as using both the csrf_view_exempt and`
			`csrf_response_exempt decorators.`
			`"""`
			`return csrf_response_exempt(csrf_view_exempt(view_func))`