changed view to limit to post on json request. this makes sure the csrf is checked.

2025-12-06 06:17:17 +00:00 · 2016-04-05 10:11:06 +01:00
parent b9419ac074
commit bfac5efd89
1 changed files with 5 additions and 2 deletions
--- a/comic/views.py
+++ b/comic/views.py
@@ -1,15 +1,16 @@
+import json
 import uuid
 from os import path
-import json

 from django.contrib.auth import login, authenticate
 from django.contrib.auth.decorators import login_required, user_passes_test
 from django.contrib.auth.models import User
+from django.db.models import Max
 from django.http import HttpResponse
 from django.shortcuts import render, redirect, get_object_or_404
 from django.utils.http import urlsafe_base64_decode
 from django.views.decorators.csrf import ensure_csrf_cookie
-from django.db.models import Max
+from django.views.decorators.http import require_POST

 from .forms import SettingsForm, AccountForm, EditUserForm, AddUserForm, InitialSetupForm
 from .models import Setting, ComicBook, ComicStatus, Directory, ComicPage
@@ -55,6 +56,7 @@ def comic_list(request, directory_selector=False):


@login_required
+@require_POST
 def comic_list_json(request, directory_selector=False):
    icon_str = '<span class="glyphicon {0}"></span>'
    if directory_selector:
@@ -78,6 +80,7 @@ def comic_list_json(request, directory_selector=False):
    )


+
@login_required
 def account_page(request):
    success_message = []