csrf_exempt does not work with `__call__`
| Reported by: | akshar | Owned by: | nobody |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
Suppose my view is like:
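```python
from django.views.decorators.csrf import csrf_exempt

class Resource(object):
    @csrf_exempt
    def __call__(self, request, *args, **kwargs):
        # dispatch to any other method and get response
        pass

resource = Resource()

url(r'resource/$', resource, name='resource')
```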
Now if I try to make a POST request to this url, it gives '403 Forbidden'.
The same issue on SO can be found at http://stackoverflow.com/questions/10252238/csrf-exempt-stopped-working-in-django-1-4
What I guess is happening:
If it were a function-based view, callback would have been a csrf_exempt decorated function and CsrfViewMiddleware processing would have left it to pass without raising a 403, because this decorated function would have had an attribute csrf_exempt.
But since it is not a FBV, callback says it is still an object, something like `<app.views.Resource object at 0xb5f8352c>`. So, function decoration of `__call__` has not taken place till this point and so the CsrfViewMiddleware returns a 403.
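A Django-free model of the attribute lookup described above, added here as an example and not taken from the ticket or from Django's source. `csrf_exempt` and `middleware_skips_check` are simplified stand-ins that assume the middleware reads a `csrf_exempt` attribute from the resolved callback, as the description says; `MarkedResource` and `report` are hypothetical names.

```python
from functools import wraps


def csrf_exempt(view_func):
    """Stand-in for Django's decorator: flags the wrapper it returns."""
    @wraps(view_func)
    def wrapped_view(*args, **kwargs):
        return view_func(*args, **kwargs)
    wrapped_view.csrf_exempt = True
    return wrapped_view


def middleware_skips_check(callback):
    """Model of the test the CSRF middleware applies to the URL callback."""
    return getattr(callback, "csrf_exempt", False)


@csrf_exempt
def function_view(request):
    return "ok"


class Resource:
    @csrf_exempt  # flags the function stored on the class, not the instance
    def __call__(self, request, *args, **kwargs):
        return "ok"


class MarkedResource:
    csrf_exempt = True  # flag lives on the object the URL pattern receives

    def __call__(self, request, *args, **kwargs):
        return "ok"


def report():
    """Return what the modelled middleware sees for each kind of callback."""
    resource = Resource()
    return {
        "function_view": middleware_skips_check(function_view),
        "instance": middleware_skips_check(resource),
        "instance.__call__": middleware_skips_check(resource.__call__),
        "wrapped instance": middleware_skips_check(csrf_exempt(resource)),
        "marked class": middleware_skips_check(MarkedResource()),
    }


if __name__ == "__main__":
    for name, skipped in report().items():
        print(f"{name:20} exempt={skipped}")
```

Only the bare `Resource()` instance reports `False`: the flag sits on its `__call__` function, while the URL pattern hands the middleware the instance itself.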