def enforce_csrf(request): """ Enforce CSRF validation. From drf source, authentication.py """ check = CSRFCheck() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise PermissionDenied('CSRF validation failed: %s' % reason)
def enforce_csrf(self, request): """ Enforce CSRF validation for session based authentication. """ check = CSRFCheck() # populates request.META['CSRF_COOKIE'], which is used in process_view() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)
def enforce_csrf(request): """ Enforce CSRF validation. """ check = CSRFCheck() # populates request.META['CSRF_COOKIE'], which is used in process_view() check.process_request(request) request.META[settings.CSRF_HEADER_NAME] = request.META.get("CSRF_COOKIE") reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise PermissionDenied("CSRF Failed: %s" % reason)
def enforce_csrf(self, request): """ Enforce CSRF validation for session based authentication. """ def dummy_get_response(request): # pragma: no cover return None check = CSRFCheck(dummy_get_response) # populates request.META['CSRF_COOKIE'], which is used in process_view() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise exceptions.PermissionDenied(f'CSRF Failed: {reason}')
def enforce_csrf(self, request): """ Enforce CSRF validation for session based authentication. """ reason = CSRFCheck().process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)
def _enforce_csrf(self, request): """ Enforce CSRF validation LIKE session based authentication That method has been intentionally extracted (or copied) from rest_framework.authentication.SessionAuthentication.. """ def dummy_get_response(request): # pragma: no cover return None check = CSRFCheck(dummy_get_response) # populates request.META['CSRF_COOKIE'], which is used in process_view() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise PermissionDenied('CSRF Failed: %s' % reason)
def _enforce_csrf(self, request): """Make sure that we have a valid CSRF token. Django restframework does validate this when using the SessionAuthentication but since that also checks if the user is authenticated we can't really use that """ reason = CSRFCheck().process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise PermissionDenied('CSRF Failed: %s' % reason)
def enforce_csrf(self, request): """ Same implementation as django-rest-framework's SessionAuthentication. Enforce CSRF validation for session based authentication. """ reason = CSRFCheck().process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise exceptions.PermissionDenied('CSRF Failed: %s' % reason) if not request.COOKIES.get(api_settings.CSRF_COOKIE_NAME): # Make sure the CSRF cookie is set for next time get_token(request)
def enforce_csrf(self, request): reason = CSRFCheck().process_view(request, None, (), {}) if reason: raise exceptions.AuthenticationFailed(reason)
def enforce_csrf(request): check = CSRFCheck() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)