csrf_exempt for contest form

diff --git a/wtem/templates/wtem/main.html b/wtem/templates/wtem/main.html
index 61ad395..4f80064 100644 (file)
--- a/wtem/templates/wtem/main.html
+++ b/wtem/templates/wtem/main.html
@@ -48,7 +48,6 @@
 Zespół Edukacji Medialnej, Fundacja Nowoczesna Polska</p>
 
 <form method="post" enctype="multipart/form-data">
-{% csrf_token %}
 
 {% for exercise in exercises %}
     {% with 'wtem/exercises/'|add:exercise.type|add:'.html' as template_name %}

diff --git a/wtem/views.py b/wtem/views.py
index 551a781..b6e21b0 100644 (file)
--- a/wtem/views.py
+++ b/wtem/views.py
@@ -4,6 +4,7 @@ from django.shortcuts import render
 from django.utils import simplejson
 from django.conf import settings
 from django.http import Http404, HttpResponseForbidden
+from django.views.decorators.csrf import csrf_exempt
 
 from .models import Submission, DEBUG_KEY, exercises
 from .forms import WTEMForm
@@ -11,6 +12,7 @@ from .forms import WTEMForm
 WTEM_CONTEST_STAGE = getattr(settings, 'WTEM_CONTEST_STAGE', 'before')
 
 
+@csrf_exempt
 def form(request, key):
     return globals()['form_' + WTEM_CONTEST_STAGE](request, key)
     
@@ -20,6 +22,7 @@ def form_before(request, key):
 def form_after(request, key):
     return render(request, 'wtem/main_after.html')
 
+@csrf_exempt
 def form_during(request, key):
 
     if WTEM_CONTEST_STAGE != 'during':