[Fixed]-@csrf_exempt stopped working in Django 1.4

22👍

According to the django docs:

To decorate every instance of a class-based view, you need to decorate
the class definition itself. To do this you apply the decorator to the
dispatch() method of the class.

So you’d need to do something like:

class MyView(ApiView):

    def POST(self):
       # (...)
       return HttpResponse(json.dumps(True), mimetype="text/javascript")

    @csrf_exempt
    def dispatch(self, *args, **kwargs):
        return super(MyView, self).dispatch(*args, **kwargs)
👤dgel

12👍

Just use csrf_exempt in the urls.py. ie::

urls.py

..other imports...
from django.views.decorators.csrf import csrf_exempt   
from myapp.views import MyView

urlpatterns = patterns('',
   url(r'^myview/(?P<parameter_name>[A-Za-z0-9-_]+)/$',
       csrf_exempt(MyView.as_view()), # use csrf_exempt here
       name="myproject-myapp-myview",
       ),
)

3👍

csrf_exempt has to decorate a function. In your urls you can decorate a that function, docs can be found here.

(r'^vote/', permission_required('polls.can_vote')(VoteView.as_view())),

Leave a comment