holm/django-helpdesk
1
0
Fork 0
forked from extern/django-helpdesk
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Made iframe ticket submit view CSRF exempt. Hopefully this is secure!

Browse Source
This commit is contained in:
Timothy Hobbs 2020-01-14 16:02:00 +01:00
parent 4c1fda5991
commit 07a42e07f8
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helpdesk/views/public.py
View File

@ -14,6 +14,7 @@ from django.utils.http import urlquote
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.conf import settings from django.conf import settings
from django.views.decorators.clickjacking import xframe_options_exempt from django.views.decorators.clickjacking import xframe_options_exempt
from django.views.decorators.csrf import csrf_exempt
from django.views.generic.base import TemplateView from django.views.generic.base import TemplateView
from django.views.generic.edit import FormView from django.views.generic.edit import FormView
@ -101,6 +102,7 @@ class BaseCreateTicketView(abstract_views.AbstractCreateTicketMixin, FormView):
class CreateTicketIframeView(BaseCreateTicketView): class CreateTicketIframeView(BaseCreateTicketView):
template_name = 'helpdesk/public_create_ticket_iframe.html' template_name = 'helpdesk/public_create_ticket_iframe.html'
@csrf_exempt
@xframe_options_exempt @xframe_options_exempt
def dispatch(self, *args, **kwargs): def dispatch(self, *args, **kwargs):
return super().dispatch(*args, **kwargs) return super().dispatch(*args, **kwargs)