From a0477e63485f43bd5f07b213f38fcf3908775b04 Mon Sep 17 00:00:00 2001
From: Manuel Kaufmann
Date: Thu, 20 Dec 2018 20:35:37 +0100
Subject: [PATCH] Make wipe view not CSRF exempt
There is no reason to CSRF exempt this view since it's accessed via a form with POST action from the dashboard.
---
 readthedocs/core/views/__init__.py | 2 --
 readthedocs/templates/wipe_version.html | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/readthedocs/core/views/__init__.py b/readthedocs/core/views/__init__.py
index 342eb530498..6f25e9bd92b 100644
--- a/readthedocs/core/views/__init__.py
+++ b/readthedocs/core/views/__init__.py
@@ -14,7 +14,6 @@ from django.conf import settings
 from django.http import HttpResponseRedirect, Http404, JsonResponse
 from django.shortcuts import render, get_object_or_404, redirect
-from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView
 from readthedocs.builds.models import Version
@@ -72,7 +71,6 @@ def random_page(request, project_slug=None): # pylint: disable=unused-argument
 return HttpResponseRedirect(url)
-@csrf_exempt
 def wipe_version(request, project_slug, version_slug):
 version = get_object_or_404(
 Version,
diff --git a/readthedocs/templates/wipe_version.html b/readthedocs/templates/wipe_version.html
index d842e9b3266..8660afa2c80 100644
--- a/readthedocs/templates/wipe_version.html
+++ b/readthedocs/templates/wipe_version.html
@@ -30,6 +30,7 @@

{% endblocktrans %}
+ {% csrf_token %}
{% endif %}
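Review bot: The added `{% csrf_token %}` only takes effect if it is rendered inside the POST `<form>` element, and the surrounding markup is not visible in this hunk, so that placement should be confirmed; with `@csrf_exempt` removed from `wipe_version`, a token outside the form would make every dashboard wipe fail with 403. The commit also adds no test for either side of the change, and Django's test client skips CSRF validation by default, so existing tests would pass with or without the token. A regression test built on `Client(enforce_csrf_checks=True)` that asserts 403 for a token-less POST, and success for a POST carrying the token from the rendered page, would pin the behaviour. Any non-browser caller that POSTs to this URL (the commit message assumes there is none) will start receiving 403 as well, which is worth confirming before release.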