I'm trying to do a curl POST request on a wagtail page. Unfortunately I hit the CSRF protection.
I tried to disabled CSRF on this specific type of page using the @csrf_exempt
decorator, without success.
Here is my pseudo code (one of many attemps):
@method_decorator(csrf_exempt, name='serve')
class NewsletterPage(MedorPage):
class Meta:
verbose_name = _("newsletter page")
Seems like the csrf verifition is done even before the serve
method is called.
Any idea?
thanks
I ended up subclassing the CSRF middleware like so:
from django.middleware.csrf import CsrfViewMiddleware
from wagtail.core.views import serve
from myproject_newsletter.models import NewsletterIndexPage
class CustomCsrfViewMiddleware(CsrfViewMiddleware):
def process_view(self, request, callback, callback_args, callback_kwargs):
if callback == serve:
# We are visiting a wagtail page. Check if this is a NewsletterPage
# and if so, do not perfom any CSRF validation
page = NewsletterIndexPage.objects.first()
path = callback_args[0]
if page and path.startswith(page.get_url_parts()[-1][1:])
return None
return super().process_view(request, callback, callback_args, callback_kwargs)