python/lib/Lib/site-packages/django/views/decorators/csrf.py - platform/tools/idea - Git at Google

 from django.middleware.csrf import CsrfViewMiddleware
 from django.utils.decorators import decorator_from_middleware, available_attrs

 try:
     from functools import wraps
 except ImportError:
     from django.utils.functional import wraps  # Python 2.4 fallback.

 csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
 csrf_protect.__name__ = "csrf_protect"
 csrf_protect.__doc__ = """
 This decorator adds CSRF protection in exactly the same way as
 CsrfViewMiddleware, but it can be used on a per view basis.  Using both, or
 using the decorator multiple times, is harmless and efficient.
 """


 class _EnsureCsrfToken(CsrfViewMiddleware):
     # We need this to behave just like the CsrfViewMiddleware, but not reject
     # requests.
     def _reject(self, request, reason):
         return None


 requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken)
 requires_csrf_token.__name__ = 'requires_csrf_token'
 requires_csrf_token.__doc__ = """
 Use this decorator on views that need a correct csrf_token available to
 RequestContext, but without the CSRF protection that csrf_protect
 enforces.
 """

 def csrf_response_exempt(view_func):
     """
     Modifies a view function so that its response is exempt
     from the post-processing of the CSRF middleware.
     """
     def wrapped_view(*args, **kwargs):
         resp = view_func(*args, **kwargs)
         resp.csrf_exempt = True
         return resp
     return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)

 def csrf_view_exempt(view_func):
     """
     Marks a view function as being exempt from CSRF view protection.
     """
     # We could just do view_func.csrf_exempt = True, but decorators
     # are nicer if they don't have side-effects, so we return a new
     # function.
     def wrapped_view(*args, **kwargs):
         return view_func(*args, **kwargs)
     wrapped_view.csrf_exempt = True
     return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)

 def csrf_exempt(view_func):
     """
     Marks a view function as being exempt from the CSRF checks
     and post processing.

     This is the same as using both the csrf_view_exempt and
     csrf_response_exempt decorators.
     """
     return csrf_response_exempt(csrf_view_exempt(view_func))
	from django.middleware.csrf import CsrfViewMiddleware
	from django.utils.decorators import decorator_from_middleware, available_attrs

	try:
	from functools import wraps
	except ImportError:
	from django.utils.functional import wraps # Python 2.4 fallback.

	csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
	csrf_protect.__name__ = "csrf_protect"
	csrf_protect.__doc__ = """
	This decorator adds CSRF protection in exactly the same way as
	CsrfViewMiddleware, but it can be used on a per view basis. Using both, or
	using the decorator multiple times, is harmless and efficient.
	"""


	class _EnsureCsrfToken(CsrfViewMiddleware):
	# We need this to behave just like the CsrfViewMiddleware, but not reject
	# requests.
	def _reject(self, request, reason):
	return None


	requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken)
	requires_csrf_token.__name__ = 'requires_csrf_token'
	requires_csrf_token.__doc__ = """
	Use this decorator on views that need a correct csrf_token available to
	RequestContext, but without the CSRF protection that csrf_protect
	enforces.
	"""

	def csrf_response_exempt(view_func):
	"""
	Modifies a view function so that its response is exempt
	from the post-processing of the CSRF middleware.
	"""
	def wrapped_view(args, *kwargs):
	resp = view_func(args, *kwargs)
	resp.csrf_exempt = True
	return resp
	return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)

	def csrf_view_exempt(view_func):
	"""
	Marks a view function as being exempt from CSRF view protection.
	"""
	# We could just do view_func.csrf_exempt = True, but decorators
	# are nicer if they don't have side-effects, so we return a new
	# function.
	def wrapped_view(args, *kwargs):
	return view_func(args, *kwargs)
	wrapped_view.csrf_exempt = True
	return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)

	def csrf_exempt(view_func):
	"""
	Marks a view function as being exempt from the CSRF checks
	and post processing.

	This is the same as using both the csrf_view_exempt and
	csrf_response_exempt decorators.
	"""
	return csrf_response_exempt(csrf_view_exempt(view_func))