From 57ca334887b6bb2a34d3dfb09809e0593253da07 Mon Sep 17 00:00:00 2001 From: wvffle Date: Tue, 13 Dec 2022 13:58:11 +0000 Subject: [PATCH] Fix cookies not being set on new frontend deployment --- api/config/settings/common.py | 2 +- api/funkwhale_api/instance/views.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/api/config/settings/common.py b/api/config/settings/common.py index a83112b4a..a9258f6a8 100644 --- a/api/config/settings/common.py +++ b/api/config/settings/common.py @@ -1173,7 +1173,7 @@ Examples: - ``^api/mycustompath/`` """ -CSRF_USE_SESSIONS = True +CSRF_USE_SESSIONS = False SESSION_ENGINE = "django.contrib.sessions.backends.cache" ACCOUNT_USERNAME_BLACKLIST = [ diff --git a/api/funkwhale_api/instance/views.py b/api/funkwhale_api/instance/views.py index bad2a41af..2a3e7010d 100644 --- a/api/funkwhale_api/instance/views.py +++ b/api/funkwhale_api/instance/views.py @@ -4,6 +4,8 @@ import logging from cache_memoize import cache_memoize from django.conf import settings from django.urls import reverse +from django.utils.decorators import method_decorator +from django.views.decorators.csrf import ensure_csrf_cookie from drf_spectacular.utils import extend_schema from dynamic_preferences.api import viewsets as preferences_viewsets from dynamic_preferences.api.serializers import GlobalPreferenceSerializer @@ -55,6 +57,7 @@ class InstanceSettings(generics.GenericAPIView): return Response(data, status=200) +@method_decorator(ensure_csrf_cookie, name="dispatch") class NodeInfo(views.APIView): permission_classes = [] authentication_classes = []