for codesy#72 - remove default CSRF protection

groovecoder · Dec 27, 2014 · 68478ee · 68478ee
1 parent cd9837f
commit 68478ee
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 2 deletions.
diff --git a/auctions/templates/bid.html b/auctions/templates/bid.html
@@ -5,7 +5,6 @@
 {% else %}
 <form id="codesy_bid_form" action="//{{domain}}{% url 'bid-list' %}" method="POST" >
 {% endif %}
-  {% csrf_token %}
   <input name="url" type="hidden" value="{{ url }}"></input>
   <input name="ask" type="text" placeholder="ask" value="{{ bid.ask }}"></input>
   <input name="offer" type="text" placeholder="offer" value="{{ bid.offer }}"></input>

diff --git a/codesy/settings.py b/codesy/settings.py
@@ -59,7 +59,6 @@
 MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',

diff --git a/codesy/templates/home.html b/codesy/templates/home.html
@@ -87,9 +87,11 @@ <h2>3. Add to your browser</h2>
       method: "PATCH",
       url: "/users/{{ request.user.id }}/",
       beforeSend: function(xhr, settings) {
+          /* FIXME: with https://github.com/codesy/codesy/issues/72
           if (!this.crossDomain) {
               xhr.setRequestHeader("X-CSRFToken", $.cookie("csrftoken"));
           }
+          */
       },
       data: {
         balanced_card_href: card_href,