aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--mediagoblin/middleware/csrf.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py
index 68ece6d3..d41bcd87 100644
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@@ -77,7 +77,10 @@ class CsrfMiddleware(object):
# if this is a non-"safe" request (ie, one that could have
# side effects), confirm that the CSRF tokens are present and
# valid
- if request.method not in self.SAFE_HTTP_METHODS:
+ if request.method not in self.SAFE_HTTP_METHODS \
+ and ('gmg.verify_csrf' in request.environ or
+ 'paste.testing' not in request.environ):
+
return self.verify_tokens(request)
def process_response(self, request, response):
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-08 12:20:50 +0000