Skip to content

Commit

Permalink
Add never_cache decorator to prevent csrf_token caching
Browse files Browse the repository at this point in the history
  • Loading branch information
varun kumar committed Aug 25, 2023
1 parent c52304f commit 1cecee9
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions allauth/account/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
from allauth.decorators import rate_limit
from allauth.exceptions import ImmediateHttpResponse
from allauth.utils import get_form_class, get_request_param
from django.views.decorators.cache import never_cache

from . import app_settings, signals
from .adapter import get_adapter
Expand Down Expand Up @@ -145,6 +146,7 @@ class LoginView(
redirect_field_name = "next"

@sensitive_post_parameters_m
@method_decorator(never_cache)
def dispatch(self, request, *args, **kwargs):
return super(LoginView, self).dispatch(request, *args, **kwargs)

Expand Down Expand Up @@ -230,6 +232,7 @@ class SignupView(
success_url = None

@sensitive_post_parameters_m
@method_decorator(never_cache)
def dispatch(self, request, *args, **kwargs):
return super(SignupView, self).dispatch(request, *args, **kwargs)

Expand Down

0 comments on commit 1cecee9

Please sign in to comment.