
Make sure CSRF token cookie gets set in requests against the JSON API

1 parent 1387ba5 commit 7cd272a99c5d352cedba42eea447c70ce80d7911 @cnorthwood cnorthwood committed Jul 28, 2011
Showing with 6 additions and 0 deletions.
  1. +6 −0 molly/utils/views.py
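--- a/molly/utils/views.py
+++ b/molly/utils/views.py
@@ -22,6 +22,7 @@
 from django.conf import settings
 from django.utils.translation import ugettext as _
 from django.views.debug import technical_500_response
+from django.middleware.csrf import get_token
 logger = logging.getLogger(__name__)
@@ -330,6 +331,11 @@ def render_json(self, request, context, template_name):
 context = simplify_value(context)
 resolved = resolve(request.path)
 context['view_name'] = '%s:%s' % (':'.join(resolved.namespaces), resolved.url_name)
+
+ # Include CSRF token, as templates don't get rendered csrf_token is
+ # never called which breaks CSRF for apps written against the JSON API
+ get_token(request)
+
 return HttpResponse(simplejson.dumps(context),
 mimetype="application/json")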
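Review bot: The comment above `get_token(request)` in render_json says the token is included, but the return value is discarded and nothing is added to the JSON body; the call only flags the CSRF cookie as used so that CsrfViewMiddleware sets it on the response. Keeping the token out of the body is the safer design, so the comment should describe what actually happens and name the dependency, e.g. `# Side effect only: marks the CSRF cookie as used so CsrfViewMiddleware sets it; clients echo it back in the X-CSRFToken header.` Where that middleware is not enabled, this call presumably has no visible effect on the response, which is worth a line in the JSON API documentation. The start of render_json lies outside the hunk, so I cannot tell from here whether other non-template render paths need the same call.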
