From 5b984a0262c42ef5ac8f05a687978235a12a6e28 Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jk@ozlabs.org>
Date: Tue, 10 Aug 2010 12:11:40 +0800
Subject: views: implement CSRF protection

Since we've got the csrf token present, we may as well check it for
requests.

We're using RequestContext already (via PatchworkRequestContext), so we
just need to switch it on in the settings, and add an exemption on the
xmlrpc interface.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
---
 apps/settings.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'apps/settings.py')

diff --git a/apps/settings.py b/apps/settings.py
index 20c8db3..68837b3 100644
--- a/apps/settings.py
+++ b/apps/settings.py
@@ -62,6 +62,7 @@ MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.middleware.doc.XViewMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
 )
 
 ROOT_URLCONF = 'apps.urls'
-- 
cgit v1.2.3