chore: Remove a character in CSRF code example #1586
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author
|
UPD: So, I'd suggest adding some note that decorators also have to be applied in a view mode, it would seem. Is there any way to use Django authentication with CSRF on? |
Author
|
Just to clarify, here's what my code looks like: from django.http import HttpRequest
from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie
from .router import admin_router
@admin_router.post(
"/department/fetch",
)
@ensure_csrf_cookie
@csrf_exempt
def fetch_departments(request: "HttpRequest") -> bool:
# There's some actual logic
return TrueIn from ninja import Router
from ninja.security import django_auth
admin_router = Router(
auth=django_auth,
tags=[
"Admin",
],
)Then this router is added in the app: from ninja import NinjaAPI
from ...api.decorators import request_id_decorator
from .admin.router import admin_router
app = NinjaAPI()
app.add_decorator(
request_id_decorator,
mode="view",
)
app.add_router("/admin/", admin_router)The result is that Django tries to add a cookie to the boolean value (result of the function) |
Author
|
After some more tinkering - I need to decorate endpoints as CSRF exempt (not the router), but can apply |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi! I've noticed this typo in the CSRF code example.
On a side note, should there be some migration guide for users that prior to 1.5.0 have used
csrfin their app config? (From what I see - it's enough to remove the parameter, and it'll mostly work the same, except for anonymous requests where django_auth is required. Previously it returned code 401, and now it says that there's CSRF error, and returns error code 403)I see that it's mentioned that this parameter is removed with 1.5.0 release (in beta release noes), however it doesn't clearly state that without removing it first, the app simply won't run.