exempt publishing api from csrf
[wolnelektury.git] / apps / api / urls.py
index a22f3b7..f9f9c22 100644 (file)
@@ -1,10 +1,11 @@
 # -*- coding: utf-8 -*-
 from django.conf.urls.defaults import *
-from piston.authentication import OAuthAuthentication
+from django.views.decorators.csrf import csrf_exempt
+from piston.authentication import OAuthAuthentication, oauth_access_token 
 from piston.resource import Resource
 
 from api import handlers
-from catalogue.models import Book
+from api.helpers import CsrfExemptResource
 
 auth = OAuthAuthentication(realm="Wolne Lektury")
 
@@ -12,7 +13,7 @@ book_changes_resource = Resource(handler=handlers.BookChangesHandler)
 tag_changes_resource = Resource(handler=handlers.TagChangesHandler)
 changes_resource = Resource(handler=handlers.ChangesHandler)
 
-book_list_resource = Resource(handler=handlers.BooksHandler, authentication=auth)
+book_list_resource = CsrfExemptResource(handler=handlers.BooksHandler, authentication=auth)
 #book_list_resource = Resource(handler=handlers.BooksHandler)
 book_resource = Resource(handler=handlers.BookDetailHandler)
 
@@ -22,13 +23,13 @@ tag_resource = Resource(handler=handlers.TagDetailHandler)
 fragment_resource = Resource(handler=handlers.FragmentDetailHandler)
 fragment_list_resource = Resource(handler=handlers.FragmentsHandler)
 
-picture_resource = Resource(handler=handlers.PictureHandler, authentication=auth)
+picture_resource = CsrfExemptResource(handler=handlers.PictureHandler, authentication=auth)
 
 urlpatterns = patterns(
     'piston.authentication',
     url(r'^oauth/request_token/$', 'oauth_request_token'),
     url(r'^oauth/authorize/$', 'oauth_user_auth'),
-    url(r'^oauth/access_token/$', 'oauth_access_token'),
+    url(r'^oauth/access_token/$', csrf_exempt(oauth_access_token)),
 
 ) + patterns('',
     url(r'^$', 'django.views.generic.simple.direct_to_template',
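Review bot: The `oauth/authorize/` route should carry a comment saying it must keep CSRF protection, because after this change it sits directly beside an exempted endpoint and is the one step that presumably depends on the logged-in user's session cookie. Something like `# user consent step: session-backed, must stay CSRF-protected` above `oauth_user_auth`, and `# signed consumer request, no cookie auth` above the `csrf_exempt(oauth_access_token)` line, would document the distinction. The `patterns(...)` call now mixes string view names resolved through the `'piston.authentication'` prefix with a callable; this appears to work, but importing all three views and passing callables would be more consistent. The `urlpatterns` expression continues past the end of the hunk.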