From 34edcd53cb29fac17a7a2e5288b1bfbb582c92db Mon Sep 17 00:00:00 2001
From: Alexander Laevens
Date: Sun, 27 Nov 2022 21:17:44 -0700
Subject: [PATCH] Try CSRF Exempt auth/token
---
 one_trip/lib/api/consts.dart | 4 ++--
 one_trip_api/one_trip_api/settings/base.py | 1 +
 one_trip_api/users/middleware.py | 15 +++++++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 one_trip_api/users/middleware.py
diff --git a/one_trip/lib/api/consts.dart b/one_trip/lib/api/consts.dart
index 19a0189..f6bee9a 100644
--- a/one_trip/lib/api/consts.dart
+++ b/one_trip/lib/api/consts.dart
@@ -1,4 +1,4 @@
-// const String baseURL = "https://groceries.alaevens.ca";
-const String baseURL = "http://192.168.0.16:8000";
+const String baseURL = "https://groceries.alaevens.ca";
+// const String baseURL = "http://192.168.0.16:8000";
 const int resultsPerPage = 4;
diff --git a/one_trip_api/one_trip_api/settings/base.py b/one_trip_api/one_trip_api/settings/base.py
index fcd15d7..63076ae 100644
--- a/one_trip_api/one_trip_api/settings/base.py
+++ b/one_trip_api/one_trip_api/settings/base.py
@@ -46,6 +46,7 @@ INSTALLED_APPS = [
 ]
 MIDDLEWARE = [
+ 'users.middleware.ExemptCSRFMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'corsheaders.middleware.CorsMiddleware',
diff --git a/one_trip_api/users/middleware.py b/one_trip_api/users/middleware.py
new file mode 100644
index 0000000..5f6fc56
--- /dev/null
+++ b/one_trip_api/users/middleware.py
@@ -0,0 +1,15 @@
+# https://stackoverflow.com/a/41728627/13538080
+
+from django.http import request
+
+class ExemptCSRFMiddleware:
+ def __init__(self, get_response):
+ self.get_response = get_response
+
+ def __call__(self, request):
+
+ if request.path_info == "/auth/token":
+ setattr(request, '_dont_enforce_csrf_checks', True)
+
+ response = self.get_response(request)
+ return response
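Review bot: Switching `baseURL` by commenting one literal in and out means the backend a build talks to depends on whichever line was last committed, and the alternative kept in the file is a cleartext `http://` LAN address that would send API traffic unencrypted if it ever shipped. A compile-time define keeps the HTTPS host as the default: `const String baseURL = String.fromEnvironment('BASE_URL', defaultValue: "https://groceries.alaevens.ca");`, with the development address passed through `--dart-define` instead of living in the source.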
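Review bot: The added `MIDDLEWARE` entry is named `ExemptCSRFMiddleware` with nothing beside it to say how narrow the exemption is, so a reader of the settings file cannot tell whether CSRF protection is off for one path or for the whole site. A comment above it such as `# Disables CSRF enforcement for /auth/token only; see users/middleware.py` would record the scope. Because this is `settings/base.py`, the exemption presumably applies in every environment that inherits from it, which is worth confirming is intended for a change titled "Try". The `MIDDLEWARE` list continues outside the hunk.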
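Review bot: The exemption in `__call__` relies on `_dont_enforce_csrf_checks`, a private attribute that Django's CSRF middleware reads mainly on behalf of its test client, so it is undocumented and can change between Django versions; the supported way to exempt a single endpoint is `csrf_exempt` from `django.views.decorators.csrf` applied to the `/auth/token` view where it is routed. If the middleware stays, note that `request.path_info == "/auth/token"` does not match `/auth/token/` and that the exemption covers every HTTP method on that path, so a comment should state that the endpoint authenticates from the request body alone and never from the session cookie (presumably true for a token endpoint; confirm against the view). The import `from django.http import request` is unused and is shadowed by the `request` parameter, so it can be dropped, and `setattr(request, '_dont_enforce_csrf_checks', True)` reads more plainly as `request._dont_enforce_csrf_checks = True`.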