decorators.py 文件源码

def csrf(func):
    """
    Ensures csrf token cookie or checkes it based on request method type.
    """
    @wraps(func)
    def wrapper(req, *args, **kwargs):
        if req.method in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
            return (ensure_csrf_cookie(func))(req, *args, **kwargs)
            # Default cookie by CSRF_COOKIE_NAME in settings is 'csrftoken'
            # submit back in either req.form['csrfmiddlewaretoken'] or req['X-CSRFToken']
            # the latter often used by Ajax and can be configured by CSRF_HEADER_NAME in settings
        else:
            func.csrf_exempt = False  # reset csrf_exempt set by @csrf_exempt during @service
            return (csrf_protect(func))(req, *args, **kwargs)
            # Note that we don't use requires_csrf_token() here since it was for making the 'csrf_token' tag work in django templates.
    return wrapper