Fix another CSRF issue

Also turn that DEBUG to False, just for shits & giggles
2025-08-06 21:42:31 +02:00 · 2025-08-06 21:42:31 +02:00 · 767b722025
commit 767b722025
parent 6b5a43b7a9
2 changed files with 3 additions and 2 deletions
--- a/backend/zetikettes/tikette/views.py
+++ b/backend/zetikettes/tikette/views.py
@ -5,7 +5,7 @@ from django.conf import settings
 from django.core.exceptions import PermissionDenied
 from django.http import JsonResponse
 from django.shortcuts import render
-from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie
 from google.auth.transport import requests
 from google.oauth2 import id_token

@ -51,6 +51,7 @@ def quirk_bold_allergens(ingredients):


@auth_only
+@ensure_csrf_cookie
 def get_list(request):
    tikettes = [{
        'id': x.id,
--- a/backend/zetikettes/zetikettes/settings.py
+++ b/backend/zetikettes/zetikettes/settings.py
@ -27,7 +27,7 @@ MEDIA_URL = '/data/'
 SECRET_KEY = 'django-insecure-64qxpe55#9wy=5@#dl0)3w7ywxh48m!f&!slp9e7v4lh@hjdct'

 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False

 ALLOWED_HOSTS = ['*']
 CSRF_TRUSTED_ORIGINS = ['https://*.ponteilla.net']