Deprecated csrf_response_exempt and csrf_view_exempt decorators (16f6acdb) · Commits · Dom Sekotill / django

django/views/decorators/csrf.py

+14 −15

Original line number	Diff line number	Diff line
		import warnings

		from django.middleware.csrf import CsrfViewMiddleware
		from django.utils.decorators import decorator_from_middleware, available_attrs
		from functools import wraps
		@@ -31,16 +33,23 @@ def csrf_response_exempt(view_func):
		Modifies a view function so that its response is exempt
		from the post-processing of the CSRF middleware.
		"""
		def wrapped_view(args, *kwargs):
		resp = view_func(args, *kwargs)
		resp.csrf_exempt = True
		return resp
		return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
		warnings.warn("csrf_response_exempt is deprecated. It no longer performs a "
		"function, and calls to it can be removed.",
		PendingDeprecationWarning)
		return view_func

		def csrf_view_exempt(view_func):
		"""
		Marks a view function as being exempt from CSRF view protection.
		"""
		warnings.warn("csrf_view_exempt is deprecated. Use csrf_exempt instead.",
		PendingDeprecationWarning)
		return csrf_exempt(view_func)

		def csrf_exempt(view_func):
		"""
		Marks a view function as being exempt from the CSRF view protection.
		"""
		# We could just do view_func.csrf_exempt = True, but decorators
		# are nicer if they don't have side-effects, so we return a new
		# function.
		@@ -48,13 +57,3 @@ def csrf_view_exempt(view_func):
		return view_func(args, *kwargs)
		wrapped_view.csrf_exempt = True
		return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)

		def csrf_exempt(view_func):
		"""
		Marks a view function as being exempt from the CSRF checks
		and post processing.

		This is the same as using both the csrf_view_exempt and
		csrf_response_exempt decorators.
		"""
		return csrf_response_exempt(csrf_view_exempt(view_func))

docs/internals/deprecation.txt

+7 −0

Original line number	Diff line number	Diff line
		@@ -179,6 +179,13 @@ their deprecation, as per the :ref:`Django deprecation policy
		have been deprecated since the 1.4 release. The native versions
		should be used instead.

		* The :func:`~django.views.decorators.csrf.csrf_response_exempt` and
		:func:`~django.views.decorators.csrf.csrf_view_exempt` decorators will
		be removed. Since 1.4 ``csrf_response_exempt`` has been a no-op (it
		returns the same function), and ``csrf_view_exempt`` has been a
		synonym for ``django.views.decorators.csrf.csrf_exempt``, which should
		be used to replace it.

		* 2.0
		* ``django.views.defaults.shortcut()``. This function has been moved
		to ``django.contrib.contenttypes.views.shortcut()`` as part of the

tests/regressiontests/csrf_tests/tests.py

+3 −3

Original line number	Diff line number	Diff line
		@@ -4,7 +4,7 @@ import warnings
		from django.test import TestCase
		from django.http import HttpRequest, HttpResponse
		from django.middleware.csrf import CsrfViewMiddleware
		from django.views.decorators.csrf import csrf_exempt, csrf_view_exempt, requires_csrf_token
		from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
		from django.core.context_processors import csrf
		from django.conf import settings
		from django.template import RequestContext, Template
		@@ -200,10 +200,10 @@ class CsrfViewMiddlewareTest(TestCase):

		def test_get_token_for_exempt_view(self):
		"""
		Check that get_token still works for a view decorated with 'csrf_view_exempt'.
		Check that get_token still works for a view decorated with 'csrf_exempt'.
		"""
		req = self._get_GET_csrf_cookie_request()
		CsrfViewMiddleware().process_view(req, csrf_view_exempt(token_view), (), {})
		CsrfViewMiddleware().process_view(req, csrf_exempt(token_view), (), {})
		resp = token_view(req)
		self._check_token_present(resp)