我正在尝试在a页面上执行curl POST请求。不幸的是我击中了CSRF保护。
我尝试使用@csrf_exempt装饰器在此特定类型的页面上禁用CSRF,但未成功。
这是我的伪代码(许多尝试之一):
@method_decorator(csrf_exempt, name='serve')
class NewsletterPage(MedorPage):
class Meta:
verbose_name = _("newsletter page")
似乎在调用serve方法之前就完成了csrf验证。
任何想法?
谢谢
您将必须装饰wagtail.core.views.serve视图本身。由于您希望将其网址保留在wagtail_urls中,因此这是不完整的,因此无论您在何处添加w尾网址,都可以执行以下操作:
# urls.py
# ...
from wagtail.core import urls as wagtail_urls
# ...
### these two lines can really go anywhere ...
from wagtail.core import views
views.serve.csrf_exempt = True
### ... where they are executed at loading time
urlpatterns = [
# ...
re_path(r'^pages/', include(wagtail_urls)),
# ...
]
然后这将适用于所有all页面,但不仅限于一种特定类型。
我最终像这样子化了CSRF中间件:
from django.middleware.csrf import CsrfViewMiddleware
from wagtail.core.views import serve
from myproject_newsletter.models import NewsletterIndexPage
class CustomCsrfViewMiddleware(CsrfViewMiddleware):
def process_view(self, request, callback, callback_args, callback_kwargs):
if callback == serve:
# We are visiting a wagtail page. Check if this is a NewsletterPage
# and if so, do not perfom any CSRF validation
page = NewsletterIndexPage.objects.first()
path = callback_args[0]
if page and path.startswith(page.get_url_parts()[-1][1:])
return None
return super().process_view(request, callback, callback_args, callback_kwargs)