From 771f09ffaa3482ffd11b26ff4bc7ef725ce9ddf0 Mon Sep 17 00:00:00 2001
From: yc <iyanchuan@gmail.com>
Date: Mon, 30 Jan 2012 20:23:25 +0800
Subject: [PATCH] disable csrf_protect in api

---
 api/views.py | 3 ++-
 settings.py  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/views.py b/api/views.py
index 6fbc0d2..97c22f0 100644
--- a/api/views.py
+++ b/api/views.py
@@ -6,6 +6,7 @@
 import re
 from django.http import HttpResponse, HttpRequest
 from django.contrib.auth import authenticate
+from django.views.decorators.csrf import csrf_view_exempt
 from todo.models import Todo, Tag, User
 from utils import json_encode, json_decode, now, date_range
 
@@ -60,7 +61,7 @@ def inner(*a, **b):
 			return ret if raw else json_return(ret)
 		except:
 			return -1 if raw else json_return(status=500)
-	return inner
+	return csrf_view_exempt(inner)
 
 @api
 def test(method, get, post, user):
diff --git a/settings.py b/settings.py
index 61c153e..67578b3 100644
--- a/settings.py
+++ b/settings.py
@@ -80,6 +80,7 @@
 MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
 )