'Disable CSRF validation on Wagtail Page
I'm trying to do a curl POST request on a wagtail page. Unfortunately I hit the CSRF protection.
I tried to disabled CSRF on this specific type of page using the @csrf_exempt decorator, without success.
Here is my pseudo code (one of many attemps):
@method_decorator(csrf_exempt, name='serve')
class NewsletterPage(MedorPage):
class Meta:
verbose_name = _("newsletter page")
Seems like the csrf verifition is done even before the serve method is called.
Any idea?
thanks
Solution 1:[1]
You would have to decorate the wagtail.core.views.serve view itself. Since that is patchy as you want to keep its url in your wagtail_urls, you could do the following wherever you include the wagtail urls:
# urls.py
# ...
from wagtail.core import urls as wagtail_urls
# ...
### these two lines can really go anywhere ...
from wagtail.core import views
views.serve.csrf_exempt = True
### ... where they are executed at loading time
urlpatterns = [
# ...
re_path(r'^pages/', include(wagtail_urls)),
# ...
]
This will apply to all wagtail pages then, not just one specific type however.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | user2390182 |