sarina · June 6, 2015 04:45
diff --git a/gistfile1.txt b/gistfile1.txt
 Comparison of edX's current implementation of views.decorators.csrf.py 
 (https://github.com/edx/edx-platform/blob/master/common/djangoapps/django_future/csrf.py)
 versus the Django 1.4 stable implementation (https://github.com/django/django/blob/stable/1.4.x/django/views/decorators/csrf.py)

 $ diff -y common/djangoapps/django_future/csrf.py 1.4.x/django/views/decorators/csrf.py
 # Taken from Django 1.4					      <
 							      <
 import warnings							import warnings

 from django.middleware.csrf import CsrfViewMiddleware, get_to	from django.middleware.csrf import CsrfViewMiddleware, get_to
 from django.utils.decorators import decorator_from_middleware	from django.utils.decorators import decorator_from_middleware
 from functools import wraps					from functools import wraps

 csrf_protect = decorator_from_middleware(CsrfViewMiddleware)	csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
 csrf_protect.__name__ = "csrf_protect"				csrf_protect.__name__ = "csrf_protect"
 csrf_protect.__doc__ = """					csrf_protect.__doc__ = """
 This decorator adds CSRF protection in exactly the same way a	This decorator adds CSRF protection in exactly the same way a
 CsrfViewMiddleware, but it can be used on a per view basis.  	CsrfViewMiddleware, but it can be used on a per view basis.  
 using the decorator multiple times, is harmless and efficient	using the decorator multiple times, is harmless and efficient
 """								"""


 class _EnsureCsrfToken(CsrfViewMiddleware):			class _EnsureCsrfToken(CsrfViewMiddleware):
    # We need this to behave just like the CsrfViewMiddleware	    # We need this to behave just like the CsrfViewMiddleware
    # requests.							    # requests.
    def _reject(self, request, reason):				    def _reject(self, request, reason):
        return None						        return None


 requires_csrf_token = decorator_from_middleware(_EnsureCsrfTo	requires_csrf_token = decorator_from_middleware(_EnsureCsrfTo
 requires_csrf_token.__name__ = 'requires_csrf_token'		requires_csrf_token.__name__ = 'requires_csrf_token'
 requires_csrf_token.__doc__ = """				requires_csrf_token.__doc__ = """
 Use this decorator on views that need a correct csrf_token av	Use this decorator on views that need a correct csrf_token av
 RequestContext, but without the CSRF protection that csrf_pro	RequestContext, but without the CSRF protection that csrf_pro
 enforces.							enforces.
 """								"""


 class _EnsureCsrfCookie(CsrfViewMiddleware):			class _EnsureCsrfCookie(CsrfViewMiddleware):
    def _reject(self, request, reason):				    def _reject(self, request, reason):
        return None						        return None

    def process_view(self, request, callback, callback_args, 	    def process_view(self, request, callback, callback_args, 
        retval = super(_EnsureCsrfCookie, self).process_view(	        retval = super(_EnsureCsrfCookie, self).process_view(
        # Forces process_response to send the cookie		        # Forces process_response to send the cookie
        get_token(request)					        get_token(request)
        return retval						        return retval


 ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCoo	ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCoo
 ensure_csrf_cookie.__name__ = 'ensure_csrf_cookie'		ensure_csrf_cookie.__name__ = 'ensure_csrf_cookie'
 ensure_csrf_cookie.__doc__ = """				ensure_csrf_cookie.__doc__ = """
 Use this decorator to ensure that a view sets a CSRF cookie, 	Use this decorator to ensure that a view sets a CSRF cookie, 
 uses the csrf_token template tag, or the CsrfViewMiddleware i	uses the csrf_token template tag, or the CsrfViewMiddleware i
 """								"""


 def csrf_response_exempt(view_func):				def csrf_response_exempt(view_func):
    """								    """
    Modifies a view function so that its response is exempt	    Modifies a view function so that its response is exempt
    from the post-processing of the CSRF middleware.		    from the post-processing of the CSRF middleware.
    """								    """
    warnings.warn("csrf_response_exempt is deprecated. It no 	    warnings.warn("csrf_response_exempt is deprecated. It no 
                  "function, and calls to it can be removed."	                  "function, and calls to it can be removed."
                  PendingDeprecationWarning)			                  PendingDeprecationWarning)
    return view_func						    return view_func

 							      <
 def csrf_view_exempt(view_func):				def csrf_view_exempt(view_func):
    """								    """
    Marks a view function as being exempt from CSRF view prot	    Marks a view function as being exempt from CSRF view prot
    """								    """
    warnings.warn("csrf_view_exempt is deprecated. Use csrf_e	    warnings.warn("csrf_view_exempt is deprecated. Use csrf_e
                  PendingDeprecationWarning)			                  PendingDeprecationWarning)
    return csrf_exempt(view_func)				    return csrf_exempt(view_func)

 							      <
 def csrf_exempt(view_func):					def csrf_exempt(view_func):
    """								    """
    Marks a view function as being exempt from the CSRF view 	    Marks a view function as being exempt from the CSRF view 
    """								    """
    # We could just do view_func.csrf_exempt = True, but deco	    # We could just do view_func.csrf_exempt = True, but deco
    # are nicer if they don't have side-effects, so we return	    # are nicer if they don't have side-effects, so we return
    # function.							    # function.
    def wrapped_view(*args, **kwargs):				    def wrapped_view(*args, **kwargs):
        return view_func(*args, **kwargs)			        return view_func(*args, **kwargs)
    wrapped_view.csrf_exempt = True				    wrapped_view.csrf_exempt = True
    return wraps(view_func, assigned=available_attrs(view_fun	    return wraps(view_func, assigned=available_attrs(view_fun
	Comparison of edX's current implementation of views.decorators.csrf.py
	(https://github.com/edx/edx-platform/blob/master/common/djangoapps/django_future/csrf.py)
	versus the Django 1.4 stable implementation (https://github.com/django/django/blob/stable/1.4.x/django/views/decorators/csrf.py)

	$ diff -y common/djangoapps/django_future/csrf.py 1.4.x/django/views/decorators/csrf.py
	# Taken from Django 1.4 <
	<
	import warnings import warnings

	from django.middleware.csrf import CsrfViewMiddleware, get_to from django.middleware.csrf import CsrfViewMiddleware, get_to
	from django.utils.decorators import decorator_from_middleware from django.utils.decorators import decorator_from_middleware
	from functools import wraps from functools import wraps

	csrf_protect = decorator_from_middleware(CsrfViewMiddleware) csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
	csrf_protect.__name__ = "csrf_protect" csrf_protect.__name__ = "csrf_protect"
	csrf_protect.__doc__ = """ csrf_protect.__doc__ = """
	This decorator adds CSRF protection in exactly the same way a This decorator adds CSRF protection in exactly the same way a
	CsrfViewMiddleware, but it can be used on a per view basis. CsrfViewMiddleware, but it can be used on a per view basis.
	using the decorator multiple times, is harmless and efficient using the decorator multiple times, is harmless and efficient
	""" """


	class _EnsureCsrfToken(CsrfViewMiddleware): class _EnsureCsrfToken(CsrfViewMiddleware):
	# We need this to behave just like the CsrfViewMiddleware # We need this to behave just like the CsrfViewMiddleware
	# requests. # requests.
	def _reject(self, request, reason): def _reject(self, request, reason):
	return None return None


	requires_csrf_token = decorator_from_middleware(_EnsureCsrfTo requires_csrf_token = decorator_from_middleware(_EnsureCsrfTo
	requires_csrf_token.__name__ = 'requires_csrf_token' requires_csrf_token.__name__ = 'requires_csrf_token'
	requires_csrf_token.__doc__ = """ requires_csrf_token.__doc__ = """
	Use this decorator on views that need a correct csrf_token av Use this decorator on views that need a correct csrf_token av
	RequestContext, but without the CSRF protection that csrf_pro RequestContext, but without the CSRF protection that csrf_pro
	enforces. enforces.
	""" """


	class _EnsureCsrfCookie(CsrfViewMiddleware): class _EnsureCsrfCookie(CsrfViewMiddleware):
	def _reject(self, request, reason): def _reject(self, request, reason):
	return None return None

	def process_view(self, request, callback, callback_args, def process_view(self, request, callback, callback_args,
	retval = super(_EnsureCsrfCookie, self).process_view( retval = super(_EnsureCsrfCookie, self).process_view(
	# Forces process_response to send the cookie # Forces process_response to send the cookie
	get_token(request) get_token(request)
	return retval return retval


	ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCoo ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCoo
	ensure_csrf_cookie.__name__ = 'ensure_csrf_cookie' ensure_csrf_cookie.__name__ = 'ensure_csrf_cookie'
	ensure_csrf_cookie.__doc__ = """ ensure_csrf_cookie.__doc__ = """
	Use this decorator to ensure that a view sets a CSRF cookie, Use this decorator to ensure that a view sets a CSRF cookie,
	uses the csrf_token template tag, or the CsrfViewMiddleware i uses the csrf_token template tag, or the CsrfViewMiddleware i
	""" """


	def csrf_response_exempt(view_func): def csrf_response_exempt(view_func):
	""" """
	Modifies a view function so that its response is exempt Modifies a view function so that its response is exempt
	from the post-processing of the CSRF middleware. from the post-processing of the CSRF middleware.
	""" """
	warnings.warn("csrf_response_exempt is deprecated. It no warnings.warn("csrf_response_exempt is deprecated. It no
	"function, and calls to it can be removed." "function, and calls to it can be removed."
	PendingDeprecationWarning) PendingDeprecationWarning)
	return view_func return view_func

	<
	def csrf_view_exempt(view_func): def csrf_view_exempt(view_func):
	""" """
	Marks a view function as being exempt from CSRF view prot Marks a view function as being exempt from CSRF view prot
	""" """
	warnings.warn("csrf_view_exempt is deprecated. Use csrf_e warnings.warn("csrf_view_exempt is deprecated. Use csrf_e
	PendingDeprecationWarning) PendingDeprecationWarning)
	return csrf_exempt(view_func) return csrf_exempt(view_func)

	<
	def csrf_exempt(view_func): def csrf_exempt(view_func):
	""" """
	Marks a view function as being exempt from the CSRF view Marks a view function as being exempt from the CSRF view
	""" """
	# We could just do view_func.csrf_exempt = True, but deco # We could just do view_func.csrf_exempt = True, but deco
	# are nicer if they don't have side-effects, so we return # are nicer if they don't have side-effects, so we return
	# function. # function.
	def wrapped_view(args, kwargs): def wrapped_view(args, **kwargs):
	return view_func(args, kwargs) return view_func(args, **kwargs)
	wrapped_view.csrf_exempt = True wrapped_view.csrf_exempt = True
	return wraps(view_func, assigned=available_attrs(view_fun return wraps(view_func, assigned=available_attrs(view_fun