Merge pull request #5856 from edx/django-require-post

The Django @require_POST decorator is cool.
2014-11-10 15:08:11 -05:00
parent b0b1744e18 18083e9879
commit 6774d1c047
1 changed files with 1 additions and 3 deletions
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -1790,11 +1790,9 @@ def activate_account(request, key):


@csrf_exempt
+@require_POST
 def password_reset(request):
    """ Attempts to send a password reset e-mail. """
-    if request.method != "POST":
-        raise Http404
-
    # Add some rate limiting here by re-using the RateLimitMixin as a helper class
    limiter = BadRequestRateLimiter()
    if limiter.is_rate_limit_exceeded(request):