From: Matías Aguirre
Date: Sun, 17 Jul 2011 18:55:16 +0000 (-0300)
Subject: Avoid csrf check on complete views in case provider uses POST and doesn't send CSRF...
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=721b1413c46c8fa4d7a4ce09f3cd956096c845d2;p=django-social-auth.git
Avoid csrf check on complete views in case provider uses POST and doesn't send CSRF token. Refs gh-67
---
diff --git a/social_auth/views.py b/social_auth/views.py
index c90410c..8f88d9d 100644
--- a/social_auth/views.py
+++ b/social_auth/views.py
@@ -6,6 +6,7 @@ from django.core.urlresolvers import reverse
 from django.db import transaction
 from django.contrib.auth import login, REDIRECT_FIELD_NAME
 from django.contrib.auth.decorators import login_required
+from django.views.decorators.csrf import csrf_exempt
 from social_auth.backends import get_backend
 from social_auth.utils import sanitize_redirect
@@ -33,6 +34,7 @@ def auth(request, backend):
 return auth_process(request, backend, COMPLETE_URL_NAME)
+@csrf_exempt # If provider uses POST it won't be sending a CSRF token
 @transaction.commit_on_success
 def complete(request, backend):
 """Authentication complete view, override this view if transaction
@@ -77,6 +79,7 @@ def associate(request, backend):
 return auth_process(request, backend, ASSOCIATE_URL_NAME)
+@csrf_exempt # If provider uses POST it won't be sending a CSRF token
 @login_required
 def associate_complete(request, backend):
 """Authentication complete process"""
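Review bot: `@csrf_exempt` on `complete` switches off Django's CSRF check for every POST to this view, not only for provider callbacks, and nothing visible in the hunk says what takes its place. The same applies to `associate_complete` in the last hunk, where the view sits behind `@login_required`: a cross-site POST there is handled inside the logged-in user's session, so a response that is not bound to that session could attach an unintended provider identity to the account. Presumably the backends verify a session-bound value (such as the OAuth `state` parameter) before accepting the response; that is worth confirming and recording next to the decorator, e.g. `# CSRF check skipped: provider POSTs carry no token; the backend must verify the response against session-bound state`. Both function bodies continue outside their hunks.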