id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
20908	csrf_exempt does not work with `__call__`	akshar	nobody	"Suppose my view is like:

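    from django.http import HttpResponse
    from django.views.decorators.csrf import csrf_exempt

    class Resource(object):
        @csrf_exempt
        def __call__(self, request, *args, **kwargs):
            # dispatch to any other method and get response
            response = HttpResponse()  # placeholder for the dispatched method's response
            return response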

#urls.py

    resource = Resource()

    url(r'resource/$', resource, name='resource')

Now if I try to make a POST request to this url, it gives '403 Forbidden'.
The same issue on SO can be found at http://stackoverflow.com/questions/10252238/csrf-exempt-stopped-working-in-django-1-4

What I guess is happening:

On line https://github.com/django/django/blob/1.5/django/core/handlers/base.py#L104

If it were a function based view, `callback` would have been a csrf_exempt decorated function and CsrfViewMiddleware processing would have left it to pass without raising a 403, because this decorated function would have had an attribute `csrf_exempt`.

But since it is not a FBV, `callback` says it is still an object, something like <app.views.Resource object at 0xb5f8352c>. So, function decoration of __call__ has not taken place till this point and so the CsrfViewMiddleware returns a 403."	Bug	closed	CSRF	1.5	Normal	invalid			Unreviewed	0	0	0	0	0	0
