在Wagtail页面上禁用CSRF验证

2024-04-19 01:41:05 发布

您现在位置:Python中文网/ 问答频道 /正文
8264 3

我正试图在一个摇尾页面上做一个curl POST请求。不幸的是,我击中了CSRF 保护

我尝试使用@csrf_exempt装饰器在这种特定类型的页面上禁用CSRF,但没有成功

以下是我的伪代码(许多尝试之一):

@method_decorator(csrf_exempt, name='serve')
class NewsletterPage(MedorPage):

    class Meta:
        verbose_name = _("newsletter page")

似乎csrf验证甚至在调用serve方法之前就已经完成了

有什么想法吗

谢谢


Tags: 代码name类型装饰decorator页面curlpost
2条回答
网友
1楼 · 编辑于 2024-04-19 01:41:05

我最终将CSRF中间件子类化如下:

from django.middleware.csrf import CsrfViewMiddleware

from wagtail.core.views import serve

from myproject_newsletter.models import NewsletterIndexPage


class CustomCsrfViewMiddleware(CsrfViewMiddleware):

    def process_view(self, request, callback, callback_args, callback_kwargs):

        if callback == serve:
            # We are visiting a wagtail page. Check if this is a NewsletterPage
            # and if so, do not perfom any CSRF validation
            page = NewsletterIndexPage.objects.first()
            path = callback_args[0]

            if page and path.startswith(page.get_url_parts()[-1][1:])
                return None

        return super().process_view(request, callback, callback_args, callback_kwargs)
网友
2楼 · 编辑于 2024-04-19 01:41:05

您必须装饰wagtail.core.views.serve视图本身。由于您希望将其url保留在^{cd2>}中,因此可以在包含wagtail url的任何位置执行以下操作:

# urls.py

# ...
from wagtail.core import urls as wagtail_urls
# ...


### these two lines can really go anywhere ...
from wagtail.core import views
views.serve.csrf_exempt = True
### ... where they are executed at loading time

urlpatterns = [
    # ...
    re_path(r'^pages/', include(wagtail_urls)),
    # ...
]

这将适用于所有wagtail页面,而不仅仅是一种特定类型

相关问题 更多 >

    编程相关推荐