gnx/GNX-WEB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Iliyan Angelov
2025-11-29 14:49:53 +02:00
parent 041890f32e
commit 4c15d90a6a
3 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
backEnd/contact/views.py
View File

@@ -62,6 +62,15 @@ class ContactSubmissionViewSet(viewsets.ModelViewSet):
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticated]
return [permission() for permission in permission_classes] return [permission() for permission in permission_classes]
def get_authenticators(self):
"""
Override authentication for create action to bypass CSRF.
By returning an empty list, DRF won't enforce CSRF for this action.
"""
if hasattr(self, 'action') and self.action == 'create':
return []
return super().get_authenticators()
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
""" """
Create a new contact submission. Create a new contact submission.

37
backEnd/gnx/middleware/csrf_exempt.py Normal file
View File

@@ -0,0 +1,37 @@
"""
CSRF Exemption Middleware
Exempts CSRF checks for specific public API endpoints that don't require authentication.
"""
from django.utils.deprecation import MiddlewareMixin
import re
class CSRFExemptMiddleware(MiddlewareMixin):
"""
Middleware to exempt CSRF for public API endpoints.
Runs before CSRF middleware to set the exemption flag.
"""
# Paths that should be exempt from CSRF (public endpoints)
# Patterns match both with and without trailing slashes
EXEMPT_PATHS = [
r'^/api/contact/submissions/?$', # Contact form submission
r'^/api/career/applications/?$', # Job application submission (if needed)
r'^/api/support/tickets/?$', # Support ticket creation (if needed)
]
def process_request(self, request):
"""
Set CSRF exemption flag for matching paths.
"""
if request.method == 'POST':
path = request.path
for pattern in self.EXEMPT_PATHS:
if re.match(pattern, path):
# Set flag to bypass CSRF check
setattr(request, '_dont_enforce_csrf_checks', True)
break
return None

1
backEnd/gnx/settings.py
View File

@@ -68,6 +68,7 @@ MIDDLEWARE = [
'gnx.middleware.api_security.FrontendAPIProxyMiddleware', # Validate requests from frontend/nginx 'gnx.middleware.api_security.FrontendAPIProxyMiddleware', # Validate requests from frontend/nginx
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'gnx.middleware.csrf_exempt.CSRFExemptMiddleware', # Exempt CSRF for public API endpoints
'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',