Merge pull request #4 from jathanism/api_xsrf

Add setting to toggle for checking XSRF cookies on API calls.
dropbox · Jan 20, 2015 · d51c77f · d51c77f
2 parents c670276 + bdf3de8
commit d51c77f
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -39,3 +39,4 @@ nosetests.xml
 .pydevproject
 
 docs/_build
+.*sw?
diff --git a/config/dev.yaml b/config/dev.yaml
@@ -41,3 +41,7 @@ cdnjs_prefix: "//cdnjs.cloudflare.com"
 # specified in CIDR notation.
 # Type: str or list
 restrict_networks: "127.0.0.1"
+
+# Specifies whether to use XSRF headers/cookies for API calls. Default: true
+# Type: bool
+api_xsrf_enabled: false
diff --git a/nsot/handlers/util.py b/nsot/handlers/util.py
@@ -87,7 +87,6 @@ def write_error(self, status_code, **kwargs):
         self.render("error.html", code=status_code, message=message)
 
 
-
 class ApiHandler(BaseHandler):
     def initialize(self):
         BaseHandler.initialize(self)
@@ -102,6 +101,11 @@ def jbody(self):
                 self._jbody = {}
         return self._jbody
 
+    def check_xsrf_cookie(self):
+        """Optionally check XSRF cookies on API calls."""
+        if settings.api_xsrf_enabled:
+            super(ApiHandler, self).check_xsrf_cookie()
+
     def get_pagination_values(self, max_limit=None):
         offset = int(self.get_argument("offset", 0))
         limit = self.get_argument("limit", None)

diff --git a/nsot/settings.py b/nsot/settings.py
@@ -68,4 +68,5 @@ def override_restrict_networks(self, values):
     "cdnjs_prefix": "//cdnjs.cloudflare.com",
     "restrict_networks": [],
     "bind_address": None,
+    "api_xsrf_enabled": True,
 })
diff --git a/nsot/version.py b/nsot/version.py
@@ -1 +1 @@
-__version__ = "0.0.1"
+__version__ = "0.0.2"