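from django.conf import settings

class IgnoreFbCsrfMiddleware(object):
    def process_request(self, request):
        # Facebook canvas pages are loaded with a POSTed 'signed_request'.
        # decode_signed_request is not defined on this page and must be supplied
        # separately; the result is treated as None when verification fails.
        signed_request = request.REQUEST.get('signed_request', None)
        signed_request = decode_signed_request(signed_request, settings.FACEBOOK_APP_SECRET)
        request.csrf_processing_done = signed_request is not None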
Comments
adding
will allow you to use {% csrf_token %} in further requests
#
Why not put a simple 'csrf_exempt' decorator on the view where the 'signed_request' is encountered? Solves the need for the 'request.META["CSRF_COOKIE"] = _get_new_csrf_key()' anyway.
P.S. I'm assuming that we won't use this view for making any other sort of POST.
#
And the rest of the views won't even have to go through the extra layer of the middleware stack. And even more, there won't even be a chance of a POST parameter name clash of 'signed_request' intended for some other view, the use of which is very much probable in such a case.
#
There is an easier and more standard way: http://djangosnippets.org/snippets/2538/
#