Exclude CSRF token and check for the bug submission form

diff --git a/pgweb/misc/views.py b/pgweb/misc/views.py
index 0e0a88ee17f89dd985f4419e2c20af8992b42405..f1775cf270ceaed13f3ccc199409698c1109e415 100644 (file)
--- a/pgweb/misc/views.py
+++ b/pgweb/misc/views.py
@@ -1,5 +1,6 @@
 from django.shortcuts import render_to_response, get_object_or_404
 from django.http import HttpResponseRedirect, HttpResponse, Http404
+from django.views.decorators.csrf import csrf_exempt
 from django.db import connection
 from django.conf import settings
 
@@ -13,6 +14,7 @@ from pgweb.core.models import Version
 
 from forms import *
 
+@csrf_exempt
 def submitbug(request):
        if request.method == 'POST':
                form = SubmitBugForm(request.POST)
@@ -44,6 +46,7 @@ def submitbug(request):
                'form': form,
                'formitemtype': 'bug report',
                'operation': 'Submit',
+               'nocsrf': True,
                'form_intro': template_to_string('misc/bug_header.html', {
                        'supportedversions': versions,
                }),

diff --git a/templates/base/form.html b/templates/base/form.html
index ed076dc3abf3025e684b5a55da4f2451afc52ea5..ec90bbf6d239c7ee5898aff90f143bb04db1876c 100644 (file)
--- a/templates/base/form.html
+++ b/templates/base/form.html
@@ -3,7 +3,7 @@
 {%block title%}{{operation|default:"Edit"}} {{formitemtype}}{%endblock%}
 {%block contents%}
 <h1>{{operation|default:"Edit"}} {{formitemtype}}</h1>
-<form method="post" action=".">{% csrf_token %}
+<form method="post" action=".">{%if not nocsrf%}{% csrf_token %}{%endif%}
 {%if form_intro%}
 <p>
 {{form_intro|safe}}