# HG changeset patch # User ymh # Date 1469448907 -7200 # Node ID 2ae638db35ea960e458aa17e6bdfb43ae2d42f47 # Parent 5e0138f7749d4d8b18f038413609db45ea96e359 force csrf cookie to be send on edit and view renkan views diff -r 5e0138f7749d -r 2ae638db35ea server/src/metaeducation/urls.py --- a/server/src/metaeducation/urls.py Mon Jul 25 12:13:27 2016 +0200 +++ b/server/src/metaeducation/urls.py Mon Jul 25 14:15:07 2016 +0200 @@ -18,8 +18,10 @@ from django.contrib.admin.views.decorators import staff_member_required from django.contrib.staticfiles.urls import staticfiles_urlpatterns from django.core.urlresolvers import reverse_lazy +from django.views.decorators.csrf import requires_csrf_token from django.views.generic import RedirectView + from .views import ListRenkansView, NewRenkanView, EditRenkanView, ViewRenkanView, DeleteRenkanView, UITrackingView, UITrackingViewClose @@ -30,8 +32,8 @@ url(r'^accounts/', include('allauth.urls')), url(r'^front/list/$', staff_member_required(ListRenkansView.as_view()), name='front_list_renkans'), url(r'^front/new/$', NewRenkanView.as_view(), name='front_new_renkan'), - url(r'^front/edit/(?P[\w-]+)/$', EditRenkanView.as_view(), name='front_edit_renkan'), - url(r'^front/view/(?P[\w-]+)/$', ViewRenkanView.as_view(), name='front_view_renkan'), + url(r'^front/edit/(?P[\w-]+)/$', requires_csrf_token(EditRenkanView.as_view()), name='front_edit_renkan'), + url(r'^front/view/(?P[\w-]+)/$', requires_csrf_token(ViewRenkanView.as_view()), name='front_view_renkan'), url(r'^tracking/$', UITrackingView.as_view(), name='tracking_view'), url(r'^tracking/close/$', UITrackingViewClose.as_view(), name='tracking_view_close'), url(r'^front/delete/$', staff_member_required(DeleteRenkanView.as_view()), name='front_delete_renkan')