def enforce_csrf(request): """ Enforce CSRF validation. From drf source, authentication.py """ check = CSRFCheck() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise PermissionDenied('CSRF validation failed: %s' % reason)
def enforce_csrf(self, request): """ Enforce CSRF validation for session based authentication. """ check = CSRFCheck() # populates request.META['CSRF_COOKIE'], which is used in process_view() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)
def enforce_csrf(request): """ Enforce CSRF validation. """ check = CSRFCheck() # populates request.META['CSRF_COOKIE'], which is used in process_view() check.process_request(request) request.META[settings.CSRF_HEADER_NAME] = request.META.get("CSRF_COOKIE") reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise PermissionDenied("CSRF Failed: %s" % reason)
def enforce_csrf(self, request): """ Enforce CSRF validation for session based authentication. """ def dummy_get_response(request): # pragma: no cover return None check = CSRFCheck(dummy_get_response) # populates request.META['CSRF_COOKIE'], which is used in process_view() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise exceptions.PermissionDenied(f'CSRF Failed: {reason}')
def _enforce_csrf(self, request): """ Enforce CSRF validation LIKE session based authentication That method has been intentionally extracted (or copied) from rest_framework.authentication.SessionAuthentication.. """ def dummy_get_response(request): # pragma: no cover return None check = CSRFCheck(dummy_get_response) # populates request.META['CSRF_COOKIE'], which is used in process_view() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: # CSRF failed, bail with explicit error message raise PermissionDenied('CSRF Failed: %s' % reason)
def enforce_csrf(request): check = CSRFCheck() check.process_request(request) reason = check.process_view(request, None, (), {}) if reason: raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)