p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Deprecated csrf_response_exempt and csrf_view_exempt decorators 

With the removal of CsrfResponseMiddleware, csrf_response_exempt serves no
purposes, and csrf_exempt and csrf_view_exempt perform the same function.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15956 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2011-03-30 17:35:41 +00:00
parent 1f5d684f14
commit 16f6acdb89
3 changed files with 24 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
django/views/decorators/csrf.py
View File

@ -1,3 +1,5 @@
import warnings
from django.middleware.csrf import CsrfViewMiddleware from django.middleware.csrf import CsrfViewMiddleware
from django.utils.decorators import decorator_from_middleware, available_attrs from django.utils.decorators import decorator_from_middleware, available_attrs
from functools import wraps from functools import wraps
@ -31,16 +33,23 @@ def csrf_response_exempt(view_func):
Modifies a view function so that its response is exempt Modifies a view function so that its response is exempt
from the post-processing of the CSRF middleware. from the post-processing of the CSRF middleware.
""" """
def wrapped_view(*args, **kwargs): warnings.warn("csrf_response_exempt is deprecated. It no longer performs a "
resp = view_func(*args, **kwargs) "function, and calls to it can be removed.",
resp.csrf_exempt = True PendingDeprecationWarning)
return resp return view_func
return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
def csrf_view_exempt(view_func): def csrf_view_exempt(view_func):
""" """
Marks a view function as being exempt from CSRF view protection. Marks a view function as being exempt from CSRF view protection.
""" """
warnings.warn("csrf_view_exempt is deprecated. Use csrf_exempt instead.",
PendingDeprecationWarning)
return csrf_exempt(view_func)
def csrf_exempt(view_func):
"""
Marks a view function as being exempt from the CSRF view protection.
"""
# We could just do view_func.csrf_exempt = True, but decorators # We could just do view_func.csrf_exempt = True, but decorators
# are nicer if they don't have side-effects, so we return a new # are nicer if they don't have side-effects, so we return a new
# function. # function.
@ -48,13 +57,3 @@ def csrf_view_exempt(view_func):
return view_func(*args, **kwargs) return view_func(*args, **kwargs)
wrapped_view.csrf_exempt = True wrapped_view.csrf_exempt = True
return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view) return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
def csrf_exempt(view_func):
"""
Marks a view function as being exempt from the CSRF checks
and post processing.
This is the same as using both the csrf_view_exempt and
csrf_response_exempt decorators.
"""
return csrf_response_exempt(csrf_view_exempt(view_func))

7
docs/internals/deprecation.txt
View File

@ -179,6 +179,13 @@ their deprecation, as per the :ref:`Django deprecation policy
have been deprecated since the 1.4 release. The native versions have been deprecated since the 1.4 release. The native versions
should be used instead. should be used instead.
* The :func:`~django.views.decorators.csrf.csrf_response_exempt` and
:func:`~django.views.decorators.csrf.csrf_view_exempt` decorators will
be removed. Since 1.4 ``csrf_response_exempt`` has been a no-op (it
returns the same function), and ``csrf_view_exempt`` has been a
synonym for ``django.views.decorators.csrf.csrf_exempt``, which should
be used to replace it.
* 2.0 * 2.0
* ``django.views.defaults.shortcut()``. This function has been moved * ``django.views.defaults.shortcut()``. This function has been moved
to ``django.contrib.contenttypes.views.shortcut()`` as part of the to ``django.contrib.contenttypes.views.shortcut()`` as part of the

6
tests/regressiontests/csrf_tests/tests.py
View File

@ -4,7 +4,7 @@ import warnings
from django.test import TestCase from django.test import TestCase
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import CsrfViewMiddleware from django.middleware.csrf import CsrfViewMiddleware
from django.views.decorators.csrf import csrf_exempt, csrf_view_exempt, requires_csrf_token from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
from django.core.context_processors import csrf from django.core.context_processors import csrf
from django.conf import settings from django.conf import settings
from django.template import RequestContext, Template from django.template import RequestContext, Template
@ -200,10 +200,10 @@ class CsrfViewMiddlewareTest(TestCase):
def test_get_token_for_exempt_view(self): def test_get_token_for_exempt_view(self):
""" """
Check that get_token still works for a view decorated with 'csrf_view_exempt'. Check that get_token still works for a view decorated with 'csrf_exempt'.
""" """
req = self._get_GET_csrf_cookie_request() req = self._get_GET_csrf_cookie_request()
CsrfViewMiddleware().process_view(req, csrf_view_exempt(token_view), (), {}) CsrfViewMiddleware().process_view(req, csrf_exempt(token_view), (), {})
resp = token_view(req) resp = token_view(req)
self._check_token_present(resp) self._check_token_present(resp)