X-Git-Url: https://git.mdrn.pl/edumed.git/blobdiff_plain/118fd7ac41a586001b4c8f45c149731cc9a2e586..5d79e48732565dad23a8592eeebc8741972ef5cc:/wtem/views.py

diff --git a/wtem/views.py b/wtem/views.py
index 38a4985..fbef888 100644
--- a/wtem/views.py
+++ b/wtem/views.py
@@ -4,6 +4,7 @@ from django.shortcuts import render
 from django.utils import simplejson
 from django.conf import settings
 from django.http import Http404, HttpResponseForbidden
+from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_exempt
 
 from .models import Submission, DEBUG_KEY, exercises
@@ -27,11 +28,12 @@ def form_before(request, key):
 def form_after(request, key):
     return render(request, 'wtem/main_after.html')
 
+@never_cache
 @csrf_exempt
 def form_during(request, key):
 
     if WTEM_CONTEST_STAGE != 'during':
-        if request.META['REMOTE_ADDR'] != getattr(settings, 'WTEM_CONTEST_IP_ALLOW', 'xxx'):
+        if request.META['REMOTE_ADDR'] not in getattr(settings, 'WTEM_CONTEST_IP_ALLOW', []):
             return HttpResponseForbidden('Not allowed')
 
     try: