author: Magnus Hagander, 2015-01-25 19:57:30 +0000
committer: Magnus Hagander, 2015-01-25 19:57:30 +0000
commit: e90f91c5c2fce52f8f247c88f857defe6645dc6a
tree: ae540d1d026fa5a34437ee6fc3f879a5cbe655f4 /postgresqleu/views.py
parent: 5120197f51c2b8926d424c776c4d615d862c5c44
Re-enable CSRF framework
Seems this was only enabled in one of my feature branches. It should definitely be enabled, to make sure it protects the forms of the site. There may be some forms that are now broken - there might be more views that require @csrf_exempt. We'll have to fix those one by one.
Diffstat (limited to 'postgresqleu/views.py')
-rw-r--r-- postgresqleu/views.py 7
1 files changed, 7 insertions, 0 deletions
diff --git a/postgresqleu/views.py b/postgresqleu/views.py
index 5b613157..d38565a4 100644
--- a/postgresqleu/views.py
+++ b/postgresqleu/views.py
@@ -14,3 +14,10 @@ def index(request):
'news': news,
})
+# Handle CSRF failures
+def csrf_failure(request, reason=''):
+ resp = render_to_response('csrf_failure.html', {
+ 'reason': reason,
+ })
+ resp.status_code = 403 # Forbidden
+ return resp
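Review bot: csrf_failure() records nothing about the rejected request, and the commit message expects some forms to break until more views get @csrf_exempt, so logging `reason` together with `request.path` before `return resp` would make those views findable from the server log rather than from user reports. The `render_to_response('csrf_failure.html', {` call also passes a plain dict with no RequestContext, so csrf_failure.html only sees `reason`; if that template extends the site base template and relies on context-processor variables, pass a RequestContext built from `request`. Finally, `reason` is shown to every visitor here; consider whether the template should display it only in debug mode. The leading comment would read better as a docstring on the function.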