[damned-lies] Skipped CSRF check on the pull_code view



commit baab6cabe826e62d255a114f4609eabeec0e1170
Author: Claude Paroz <claude 2xlibre net>
Date:   Mon May 28 18:57:50 2018 +0200

    Skipped CSRF check on the pull_code view

 common/views.py | 3 +++
 1 file changed, 3 insertions(+)
---
diff --git a/common/views.py b/common/views.py
index 0e2bd574..a0195bf0 100644
--- a/common/views.py
+++ b/common/views.py
@@ -10,6 +10,7 @@ from django.template.loader import get_template, TemplateDoesNotExist
 from django.urls import reverse
 from django.utils.http import is_safe_url
 from django.utils.translation import ugettext as _
+from django.views.decorators.csrf import csrf_exempt
 
 from people.models import Person, obfuscate_email
 from teams.models import Role
@@ -120,6 +121,8 @@ def help(request, topic, modal):
     })
 
 
+# CSRF skipped, verification using a secret token.
+@csrf_exempt
 def pull_code(request):
     """GitLab Webhok endpoint to update code after a repository push."""
     verified = (
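Review bot: With `@csrf_exempt` applied, the secret-token check that starts at `verified = (` is the only thing authenticating requests to `pull_code`, and its body lies outside this hunk. It is worth confirming that the check fails closed when the configured secret is empty or the token header is absent, and that it compares with `constant_time_compare` from `django.utils.crypto` rather than `==`. GitLab delivers webhooks as POST requests, so stacking `@require_POST` under `@csrf_exempt` would narrow the exempted surface to the one method that is needed. The comment would be clearer if it said why the exemption is safe, e.g. `# CSRF exempt: GitLab cannot send a CSRF token; the request is authenticated by the shared webhook secret instead.`, and the docstring has a typo (`Webhok` for `Webhook`).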

