Sasha Matijasic

icon indicating a website link https://www.logit.net/ icon indicating an email [email protected]

icon company Logit internet services Ltd. icon location Croatia

Results 2 issues of Sasha Matijasic

Call csrf_exempt on DjangoResource.as_view.

3 comment

For any custom endpoints that are not HTTP GET, csrf exemption is needed or the call will fail with HTTP 403. One might argue that this fix smells like someone...

DjangoResource.as_view should call csrf_exempt

4 comment

`DjangoResource` `as_list` and `as_detail` call `csrf_exempt` on their `super`, but `as_view` is not overriden any custom endpoint method is protected with Django CSRF (and it shouldn't be).