- Author:
- mjallday
- Posted:
- November 23, 2010
- Language:
- Python
- Version:
- Not specified
- Score:
- 1 (after 1 ratings)
This assumes that you have a method called decode_signed_request which will validate the signed_request parameter and return None if the validation check fails.
A similar method can be found here - https://github.com/iplatform/pyFaceGraph/blob/70e456c79f1ac1c7eddece03af323346a00481ef/src/facegraph/canvas.py
1 2 3 4 5 6 7 8 | class IgnoreFbCsrfMiddleware(object):
def process_request(self, request):
signed_request = request.REQUEST.get('signed_request', None)
signed_request = decode_signed_request(signed_request, settings.FACEBOOK_APP_SECRET)
request.csrf_processing_done = signed_request != None
|
More like this
- Template tag - list punctuation for a list of items by shapiromatron 10 months, 1 week ago
- JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 10 months, 2 weeks ago
- Serializer factory with Django Rest Framework by julio 1 year, 5 months ago
- Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 6 months ago
- Help text hyperlinks by sa2812 1 year, 6 months ago
Comments
adding
will allow you to use {% crsf_token %} in further requests
#
why not put a simple 'csrf_exempt' decorator on the view that where the 'signed_request' is encountered. Solves the need for the 'request.META["CSRF_COOKIE"] = _get_new_csrf_key()' anyway.
P.S. I'm assuming that we wont use this view for making any other sort of POST.
#
And the rest of the views won't even have to go through the extra layer of the middleware stack. And even more, there won't even be a chance of POST parameter name clash of 'signed_request' intended for some other view, the use of which is very much probable in such this case.
#
Please login first before commenting.