From: Magnus Hagander <magnus@hagander.net>
Date: Sun, 16 Jun 2013 16:32:06 +0000 (+0200)
Subject: Exclude the ftp info upload page from CSRF checks
X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=1229faca8a731e56c53db9fc851296c343ff6804;p=pgweb.git

Exclude the ftp info upload page from CSRF checks

This is a pure PUT from a trusted IP, so it fails with 403 with the
CSRF middleware.
---

diff --git a/pgweb/downloads/views.py b/pgweb/downloads/views.py
index 6cdae8a3..2c475870 100644
--- a/pgweb/downloads/views.py
+++ b/pgweb/downloads/views.py
@@ -2,6 +2,7 @@ from django.shortcuts import render_to_response, get_object_or_404
 from django.http import HttpResponse, Http404, HttpResponseRedirect
 from django.template import TemplateDoesNotExist, loader, Context
 from django.contrib.auth.decorators import login_required
+from django.views.decorators.csrf import csrf_exempt
 from django.db import connection, transaction
 from django.conf import settings
 
@@ -105,6 +106,7 @@ def _get_numeric_ip(request):
 # There is no concurrency check - the ftp site better not send more than one
 # file in parallel.
 @ssl_required
+@csrf_exempt
 def uploadftp(request):
 	if request.method != 'PUT':
 		return HttpServerError("Invalid method")