Exemplo n.º 1
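def hand_rolled(request):
    """Demo view that validates the CSRF token by hand.

    On POST, the ``csrf_token`` form field is checked with
    ``csrf_utils.validate_csrf_token``. A failed check is answered with
    HTTP 403 rather than 200, so clients, access logs and monitoring can
    tell a rejected request from an accepted one. Any other method renders
    ``hand_rolled.html`` with a freshly issued token.
    """
    if request.method == 'POST':
        # A missing field is handed to the validator as '' rather than None.
        csrf_token = request.POST.get('csrf_token', '')
        if not csrf_utils.validate_csrf_token(csrf_token, request):
            return HttpResponse('Invalid CSRF token', status=403)
        return HttpResponse('OK')
    return render_to_response('hand_rolled.html', {
        'csrf_token': csrf_utils.new_csrf_token(request),
        # The raw cookie value is exposed to the template ('NOT SET' when
        # absent) -- presumably for demo/debug output; confirm the template
        # escapes it, since cookies are client-controlled.
        'csrf_cookie': request.COOKIES.get('_csrf_cookie', 'NOT SET'),
    })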
Exemplo n.º 2
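 def post(self, path, data={}, content_type=MULTIPART_CONTENT,
     follow=False, csrf='default', **extra):
     """Request a response from the server using POST.

     A ``csrf_token`` field is added automatically when ``csrf`` is truthy,
     the body is multipart form data, and the caller has not supplied a
     token of their own. Pass ``csrf=False`` to send the request without
     one (e.g. to exercise the rejection path).

     The token is written into a copy of ``data``. Writing into ``data``
     itself would mutate the shared ``{}`` default (and the caller's
     dict), so the first token issued would be silently reused by every
     later call instead of being regenerated from the current cookies.
     """
     if csrf and content_type == MULTIPART_CONTENT \
             and 'csrf_token' not in data:
         data = data.copy()
         # NOTE(review): ``csrf`` is forwarded as the second argument to
         # new_csrf_token -- looks like a form/token identifier; confirm
         # against csrf_utils.
         data['csrf_token'] = csrf_utils.new_csrf_token(
             CsrfClient._CookieRequest(self.cookies), csrf
         )
     return super(CsrfClient, self).post(
         path, data, content_type=content_type, follow=follow, csrf=csrf,
         **extra
     )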
Exemplo n.º 3
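def hand_rolled_view(request):
    """Demo view with hand-written CSRF handling and an inline form.

    On POST, the ``csrf_token`` field is checked with
    ``csrf_utils.validate_csrf_token``. A failed check is answered with
    HTTP 403 rather than 200, so a rejected request is distinguishable
    from an accepted one in clients, logs and monitoring. Any other method
    returns a small HTML form carrying a freshly issued token.
    """
    if request.method == 'POST':
        # A missing field is handed to the validator as '' rather than None.
        csrf_token = request.POST.get('csrf_token', '')
        if not csrf_utils.validate_csrf_token(csrf_token, request):
            return HttpResponse('Invalid CSRF token', status=403)
        return HttpResponse('OK')
    # NOTE(review): the token is interpolated into an attribute value
    # without escaping; this assumes new_csrf_token only emits
    # attribute-safe characters -- confirm against csrf_utils.
    return HttpResponse("""
        <form action="." method="post">
        <input type="text" name="name">
        <input type="hidden" name="csrf_token" value="%s">
        </form>
        """ % csrf_utils.new_csrf_token(request))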