# HG changeset patch # User ymh # Date 1469461164 -7200 # Node ID c4a34224d0749c2eabebad5ab08aa06ff3000f02 # Parent 0e6c317e9b5592814c0278bfa58276ea912427bd this ensure_csrf_cookie not requires_csrf_cookie... + add a login_required on the renkan edit view diff -r 0e6c317e9b55 -r c4a34224d074 server/src/metaeducation/urls.py --- a/server/src/metaeducation/urls.py Mon Jul 25 16:30:02 2016 +0200 +++ b/server/src/metaeducation/urls.py Mon Jul 25 17:39:24 2016 +0200 @@ -15,10 +15,11 @@ """ from django.conf.urls import include, url from django.contrib import admin +from django.contrib.auth.decorators import login_required from django.contrib.admin.views.decorators import staff_member_required from django.contrib.staticfiles.urls import staticfiles_urlpatterns from django.core.urlresolvers import reverse_lazy -from django.views.decorators.csrf import requires_csrf_token +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.generic import RedirectView @@ -32,8 +33,8 @@ url(r'^accounts/', include('allauth.urls')), url(r'^front/list/$', staff_member_required(ListRenkansView.as_view()), name='front_list_renkans'), url(r'^front/new/$', NewRenkanView.as_view(), name='front_new_renkan'), - url(r'^front/edit/(?P[\w-]+)/$', requires_csrf_token(EditRenkanView.as_view()), name='front_edit_renkan'), - url(r'^front/view/(?P[\w-]+)/$', requires_csrf_token(ViewRenkanView.as_view()), name='front_view_renkan'), + url(r'^front/edit/(?P[\w-]+)/$', login_required(ensure_csrf_cookie(EditRenkanView.as_view())), name='front_edit_renkan'), + url(r'^front/view/(?P[\w-]+)/$', ensure_csrf_cookie(ViewRenkanView.as_view()), name='front_view_renkan'), url(r'^tracking/$', UITrackingView.as_view(), name='tracking_view'), url(r'^tracking/close/$', UITrackingViewClose.as_view(), name='tracking_view_close'), url(r'^front/delete/$', staff_member_required(DeleteRenkanView.as_view()), name='front_delete_renkan')