remove csrf and make newsletter views exempt because we don't have a caching backend

2012-03-28 17:10:12 -04:00 · 2012-03-28 17:10:12 -04:00 · ceda24191b
--- a/apps/marketplace/views.py
+++ b/apps/marketplace/views.py
@ -1,13 +1,13 @@
 import l10n_utils
 from django.conf import settings
 from django.core.validators import email_re
-from session_csrf import anonymous_csrf
+from django.views.decorators.csrf import csrf_exempt

 import basket

 from mozorg.forms import NewsletterForm

-@anonymous_csrf
+@csrf_exempt
 def marketplace(request):
    success = False
    form = NewsletterForm(request.POST or None)
--- a/apps/mozorg/templates/mozorg/contribute.html
+++ b/apps/mozorg/templates/mozorg/contribute.html
@ -66,7 +66,6 @@
 <form class="billboard{% if form.errors %} has-errors{% endif%}"
  action="#help-form" id="help-form" method="post">

-  {{ csrf() }}
  <div class="row">
    <div class="form-column-1">
      <h3>Want to help?</h3>
--- a/apps/mozorg/util.py
+++ b/apps/mozorg/util.py
@ -1,7 +1,7 @@
 import os

 from django.conf.urls.defaults import url
-from session_csrf import anonymous_csrf
+from django.views.decorators.csrf import csrf_exempt
 from functools import wraps

 import basket
@ -23,8 +23,6 @@ def handle_newsletter(request):
    return {'email_form': form,
            'email_success': success}

-
-@anonymous_csrf
 def page_view(request, tmpl, **kwargs):
    ctx = kwargs
    ctx.update(handle_newsletter(request))
@ -41,6 +39,10 @@ def page(name, tmpl, **kwargs):
    (base, ext) = os.path.splitext(tmpl)
    name = base.replace('/', '.')

-    return url(pattern,
-               lambda request: page_view(request, tmpl, **kwargs),
-               name=name)
+    # we don't have a caching backend yet, so no csrf (it's just a
+    # newsletter form anyway)
+    @csrf_exempt
+    def _view(request):
+        return page_view(request, tmpl, **kwargs)
+
+    return url(pattern, _view, name=name)
--- a/apps/mozorg/views.py
+++ b/apps/mozorg/views.py
@ -1,5 +1,5 @@
 from django.core.mail import EmailMessage
-from session_csrf import anonymous_csrf
+from django.views.decorators.csrf import csrf_exempt
 from django.conf import settings

 import basket
@ -7,7 +7,7 @@ import l10n_utils
 import jingo
 from forms import ContributeForm

-@anonymous_csrf
+@csrf_exempt
 def contribute(request):
    success = False
    form = ContributeForm(request.POST or None)
--- a/templates/base.html
+++ b/templates/base.html
@ -78,7 +78,6 @@
          <input type="hidden" name="newsletter-footer" value="Y" />
          <input type="hidden" name="newsletter"
            value="{% block email_form_newsletter %}about-mozilla{% endblock %}" />
-          {{ csrf() }}

          <h3>{% block email_form_title %}Get Mozilla updates{% endblock %}</h3>