csrf

2024-02-06 17:24:28 +01:00 · 2024-02-06 17:24:28 +01:00 · e439dc7618
commit e439dc7618
parent 766ba438f6
3 changed files with 9 additions and 0 deletions
--- a/alkator/settings.py
+++ b/alkator/settings.py
@ -27,6 +27,8 @@ DEBUG = True

 ALLOWED_HOSTS = ['https://alkator.cz', 'localhost']

+CSRF_TRUSTED_ORIGINS  = ['https://alkator.cz']
+
 # Application definition

 INSTALLED_APPS = [
@ -43,6 +45,7 @@ MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
--- a/alkatorapi/models.py
+++ b/alkatorapi/models.py
@ -8,3 +8,6 @@ class User(models.Model):
    register_date = models.DateTimeField(auto_now=True)
    paid = models.BooleanField(default=False)
    duration = models.DurationField(null=True)
+
+    def __str__(self):
+        return f"<User {self.first_name} {self.last_name} {self.email} {self.paid}>"
--- a/alkatorapi/views.py
+++ b/alkatorapi/views.py
@ -1,9 +1,12 @@
 from django.shortcuts import render
 from django.http import HttpResponse
+from django.views.decorators.csrf import csrf_exempt
 from datetime import date

 from .models import User

+
+@csrf_exempt
 def register(request):
    if date.today() >= date(2024, 4, 21):
        return HttpResponse('{"reason":"Too late!"}', status=400, content_type='application/json')