def enforce_csrf(self, request):
if request.path.startswith('/api'):
return
else:
return SessionAuthentication.enforce_csrf(
CsrfExemptSessionAuthentication, request)
def enforce_csrf(self, request):
if getattr(request, '_basic_authenticated', False):
# This request was not authenticated by the django session security module,
# so its CSRF check will fail. Avoid.
return
_RestSessionAuthentication.enforce_csrf(self, request)
def enforce_csrf(self, request):
if request.method == 'POST' and request.path == '/api/profile/':
return
return SessionAuthentication.enforce_csrf(self, request)