mirror of
https://github.com/zulip/zulip.git
synced 2026-07-15 21:03:26 +08:00
github: Fix GitHub integration CSRF issue.
The new GitHub dispatcher integration was apparently totally broken, because we hadn't tagged the new dispatcher endpoint as exempt from CSRF checking. I'm not sure why the test suite didn't catch this.
This commit is contained in:
parent
88da3dea7e
commit
a61386cbbc
@ -1,9 +1,12 @@
|
||||
from __future__ import absolute_import
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from .github_webhook import api_github_webhook
|
||||
from .github import api_github_landing
|
||||
|
||||
|
||||
# Since this dispatcher is an API-style endpoint, it needs to be
|
||||
# explicitly marked as CSRF-exempt
|
||||
@csrf_exempt
|
||||
def api_github_webhook_dispatch(request):
|
||||
# type: (HttpRequest) -> HttpResponse
|
||||
if request.META.get('HTTP_X_GITHUB_EVENT'):
|
||||
|
||||
Loading…
Reference in New Issue
Block a user