External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-03 07:35:28 -02:30
Code Issues Packages Projects Releases Wiki Activity

properly enforce CSRF validation

Browse Source 
see: https://github.com/ansible/tower/issues/2339
This commit is contained in:
Ryan Petrello
2018-06-27 15:50:07 -04:00
parent 39bc64d089
commit 504dfd32ee
5 changed files with 17 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
awx/api/authentication.py
View File

@@ -39,9 +39,6 @@ class SessionAuthentication(authentication.SessionAuthentication):
def authenticate_header(self, request):
return 'Session'
def enforce_csrf(self, request):
return None
class LoggedOAuth2Authentication(OAuth2Authentication):

4
awx/api/views.py
View File

@@ -24,7 +24,8 @@ from django.shortcuts import get_object_or_404
from django.utils.encoding import smart_text
from django.utils.safestring import mark_safe
from django.utils.timezone import now
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie
from django.template.loader import render_to_string
from django.http import HttpResponse
from django.contrib.contenttypes.models import ContentType
@@ -229,6 +230,7 @@ class ApiRootView(APIView):
versioning_class = None
swagger_topic = 'Versioning'
@method_decorator(ensure_csrf_cookie)
def get(self, request, format=None):
''' List supported API versions '''