From 9573bdca55ddc5488066d3af525e41ed1d872ea6 Mon Sep 17 00:00:00 2001
From: NavaL <ayoyo@thoughtworks.com>
Date: Wed, 24 Feb 2016 16:33:20 +0100
Subject: Backend and frontend protection against csrf attacks: - root
 resources changes the csrf token cookie everytime it is loaded, in particular
 during the intestitial load during login - it will also add that cookie on
 single user mode - initialize will still load all resources - but they you
 cant access them if the csrf token do not match - all ajax calls needs to add
 the token to the header - non ajax get requests do not need xsrf token
 validation - non ajax post will have to send the token in as a form input or
 in the content

Issue #612
---
 service/pixelated/resources/__init__.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'service/pixelated/resources/__init__.py')

diff --git a/service/pixelated/resources/__init__.py b/service/pixelated/resources/__init__.py
index 14ecac86..469c8bc8 100644
--- a/service/pixelated/resources/__init__.py
+++ b/service/pixelated/resources/__init__.py
@@ -99,3 +99,7 @@ class UnAuthorizedResource(Resource):
     def render_GET(self, request):
         request.setResponseCode(UNAUTHORIZED)
         return "Unauthorized!"
+
+    def render_POST(self, request):
+        request.setResponseCode(UNAUTHORIZED)
+        return "Unauthorized!"
-- 
cgit v1.2.3