csrf

alkator/settings.py

@@ -27,6 +27,8 @@ DEBUG = True
 
 ALLOWED_HOSTS = ['https://alkator.cz', 'localhost']
 
+CSRF_TRUSTED_ORIGINS  = ['https://alkator.cz']
+
 # Application definition
 
 INSTALLED_APPS = [
@@ -43,6 +45,7 @@ MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',

alkatorapi/models.py

@@ -8,3 +8,6 @@ class User(models.Model):
     register_date = models.DateTimeField(auto_now=True)
     paid = models.BooleanField(default=False)
     duration = models.DurationField(null=True)
+
+    def __str__(self):
+        return f"<User {self.first_name} {self.last_name} {self.email} {self.paid}>"

alkatorapi/views.py

@@ -1,9 +1,12 @@
 from django.shortcuts import render
 from django.http import HttpResponse
+from django.views.decorators.csrf import csrf_exempt
 from datetime import date
 
 from .models import User
 
+
+@csrf_exempt
 def register(request):
     if date.today() >= date(2024, 4, 21):
         return HttpResponse('{"reason":"Too late!"}', status=400, content_type='application/json')