No CSRF cookie for docs pages #4153

Merged
merged 4 commits into from May 30, 2018
Changes from 1 commit
4 changes: 4 additions & 0 deletions readthedocs/core/views/serve.py
Expand Up @@ -37,6 +37,7 @@
from django.http import HttpResponse, HttpResponseRedirect, Http404
from django.shortcuts import get_object_or_404
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt
from django.views.static import serve

from readthedocs.builds.models import Version
Expand Down Expand Up @@ -98,13 +99,15 @@ def inner_view(request, project=None, project_slug=None, *args, **kwargs): # no
return inner_view


@csrf_exempt
@map_project_slug
@map_subproject_slug
def redirect_project_slug(request, project, subproject): # pylint: disable=unused-argument
"""Handle / -> /en/latest/ directs on subdomains."""
return HttpResponseRedirect(resolve(subproject or project))


@csrf_exempt
@map_project_slug
@map_subproject_slug
def redirect_page_with_filename(request, project, subproject, filename): # pylint: disable=unused-argument # noqa
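Review bot: `@csrf_exempt` on `redirect_project_slug` and `redirect_page_with_filename` switches off Django's CSRF check for every HTTP method, and neither decorator line says why. `redirect_project_slug` only returns an `HttpResponseRedirect`, so the exemption is harmless as written, but a one-line comment above each decorator (docs pages are served without a CSRF cookie, and the view must stay free of side effects) would keep a later change from adding state-changing logic behind an exempt view. Keeping `@csrf_exempt` as the outermost decorator, as done here, is correct: the CSRF middleware looks for the exemption flag on the callable the URL resolver hands it.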
Expand Down Expand Up @@ -144,6 +147,7 @@ def _serve_file(request, filename, basepath):
return response


@csrf_exempt
Member

We should include a comment here about why we're making these exempt (no cookies on doc pages)

@map_project_slug
@map_subproject_slug
def serve_docs(
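Review bot: `serve_docs` gains `@csrf_exempt` while its body lies outside this hunk, so the diff alone does not show whether the view accepts anything other than GET and HEAD. If it is read-only, pairing the exemption with `require_safe` from `django.views.decorators.http` would make that explicit and reject POST requests outright instead of letting them through unchecked. The visible change is limited to the four added lines in `serve.py`; a test asserting that a docs response sets no CSRF cookie would pin down the behaviour the PR title promises.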