我正在尝试在 wagtail 页面上执行 curl POST 请求。不幸的是,我击中了 CSRF 保护。
我尝试使用 @csrf_exempt 装饰器在这种特定类型的页面上禁用 CSRF,但没有成功。
这是我的伪代码(许多尝试之一):
@method_decorator(csrf_exempt, name='serve')
class NewsletterPage(MedorPage):
class Meta:
verbose_name = _("newsletter page")
似乎在调用 serve 方法之前就完成了 csrf 验证。
有什么想法吗?
谢谢
【问题讨论】:
标签: python django csrf python-decorators wagtail
我最终像这样子类化了 CSRF 中间件:
from django.middleware.csrf import CsrfViewMiddleware
from wagtail.core.views import serve
from myproject_newsletter.models import NewsletterIndexPage
class CustomCsrfViewMiddleware(CsrfViewMiddleware):
def process_view(self, request, callback, callback_args, callback_kwargs):
if callback == serve:
# We are visiting a wagtail page. Check if this is a NewsletterPage
# and if so, do not perfom any CSRF validation
page = NewsletterIndexPage.objects.first()
path = callback_args[0]
if page and path.startswith(page.get_url_parts()[-1][1:])
return None
return super().process_view(request, callback, callback_args, callback_kwargs)
【讨论】:
您必须自己装饰wagtail.core.views.serve 视图。由于您希望将其网址保留在您的wagtail_urls 中,因此这是不完整的,您可以在包含 wagtail 网址的任何地方执行以下操作:
# urls.py
# ...
from wagtail.core import urls as wagtail_urls
# ...
### these two lines can really go anywhere ...
from wagtail.core import views
views.serve.csrf_exempt = True
### ... where they are executed at loading time
urlpatterns = [
# ...
re_path(r'^pages/', include(wagtail_urls)),
# ...
]
这将适用于所有鹡鸰页面,但不仅仅是一种特定类型。
【讨论】: