views: implement CSRF protection
authorJeremy Kerr <jk@ozlabs.org>
Tue, 10 Aug 2010 04:11:40 +0000 (12:11 +0800)
committerJeremy Kerr <jk@ozlabs.org>
Tue, 10 Aug 2010 04:11:40 +0000 (12:11 +0800)
commit5b984a0262c42ef5ac8f05a687978235a12a6e28
treed93cf9e6202ab8ccf826c949d214e467825f7044
parent482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23
views: implement CSRF protection

Since we've got the csrf token present, we may as well check it for
requests.

We're using RequestContext already (via PatchworkRequestContext), so we
just need to switch it on in the settings, and add an exemption on the
xmlrpc interface.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
apps/patchwork/views/xmlrpc.py
apps/settings.py