author | Jeremy Kerr <jk@ozlabs.org> | 2010-08-10 12:11:40 +0800 |
---|---|---|
committer | Jeremy Kerr <jk@ozlabs.org> | 2010-08-10 12:11:40 +0800 |
commit | 5b984a0262c42ef5ac8f05a687978235a12a6e28 (patch) | |
tree | d93cf9e6202ab8ccf826c949d214e467825f7044 /apps/settings.py | |
parent | 482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23 (diff) | |

views: implement CSRF protection

Since we've got the csrf token present, we may as well check it for
requests.

We're using RequestContext already (via PatchworkRequestContext), so we
just need to switch it on in the settings, and add an exemption on the
xmlrpc interface.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

Diffstat (limited to 'apps/settings.py')
-rw-r--r-- | apps/settings.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/apps/settings.py b/apps/settings.py index 20c8db3..68837b3 100644 --- a/apps/settings.py +++ b/apps/settings.py @@ -62,6 +62,7 @@ MIDDLEWARE_CLASSES = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.middleware.doc.XViewMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', ) ROOT_URLCONF = 'apps.urls' |
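
Review bot: the new 'django.middleware.csrf.CsrfViewMiddleware' entry is appended at the end of MIDDLEWARE_CLASSES, after 'django.middleware.doc.XViewMiddleware', so its process_view check runs after every other view middleware in the tuple. Django's guidance is to list it ahead of any view middleware that assumes CSRF has already been dealt with; moving it to directly after 'django.contrib.sessions.middleware.SessionMiddleware' would keep that true if more middleware is added later. This view is limited to apps/settings.py, so the xmlrpc exemption the commit message mentions is not visible here; it should be checked in the rest of the commit, since enabling the middleware without it would reject token-less POSTs to that interface.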