From 8cc240ede3eb5e2ba7e60ac328367d5c4365d6a6 Mon Sep 17 00:00:00 2001
From: Okhin <okhin@okhin.fr>
Date: Tue, 23 May 2017 12:09:44 +0200
Subject: [PATCH] Let's enforce csrf on home, it seems the cookie is never sent
 to the client only on this view. /spend 1h

---
 src/memopol/views/home.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/memopol/views/home.py b/src/memopol/views/home.py
index 50d4653..0376ab4 100644
--- a/src/memopol/views/home.py
+++ b/src/memopol/views/home.py
@@ -5,6 +5,8 @@ import random
 
 from django.db.models import Q, Count
 from django.views import generic
+from django.utils.decorators import method_decorator
+from django.views.decorators.csrf import csrf_protect
 
 from representatives.models import Chamber, Representative
 from representatives_positions.views import PositionFormMixin
@@ -20,6 +22,10 @@ class HomeView(PositionFormMixin, RepresentativeViewMixin,
                generic.TemplateView):
     template_name = 'home.html'
 
+    @method_decorator(csrf_protect)
+    def dispatch(self, *args, **kwargs):
+        return super(HomeView, self).dispatch(*args, **kwargs)
+
     def get_context_data(self, **kwargs):
         c = super(HomeView, self).get_context_data(**kwargs)
 
-- 
GitLab