views: implement CSRF protection

Since we've got the csrf token present, we may as well check it for requests. We're using RequestContext already (via PatchworkRequestContext), so we just need to switch it on in the settings, and add an exemption on the xmlrpc interface. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
author: Jeremy Kerr <jk@ozlabs.org> 2010-08-10 12:11:40 +0800
committer: Jeremy Kerr <jk@ozlabs.org> 2010-08-10 12:11:40 +0800
commit: 5b984a0262c42ef5ac8f05a687978235a12a6e28 (patch)
tree: d93cf9e6202ab8ccf826c949d214e467825f7044 /apps/settings.py
parent: 482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23 (diff)
download: patchwork-5b984a0262c42ef5ac8f05a687978235a12a6e28.tar.bz2
patchwork-5b984a0262c42ef5ac8f05a687978235a12a6e28.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/apps/settings.py b/apps/settings.py
index 20c8db3..68837b3 100644
--- a/apps/settings.py
+++ b/apps/settings.py
@@ -62,6 +62,7 @@ MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.middleware.doc.XViewMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
 )
 
 ROOT_URLCONF = 'apps.urls'
author	Jeremy Kerr <jk@ozlabs.org>	2010-08-10 12:11:40 +0800
committer	Jeremy Kerr <jk@ozlabs.org>	2010-08-10 12:11:40 +0800
commit	5b984a0262c42ef5ac8f05a687978235a12a6e28 (patch)
tree	d93cf9e6202ab8ccf826c949d214e467825f7044 /apps/settings.py
parent	482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23 (diff)
download	patchwork-5b984a0262c42ef5ac8f05a687978235a12a6e28.tar.bz2 patchwork-5b984a0262c42ef5ac8f05a687978235a12a6e28.tar.xz