From 18083e98796ea75fd762146ddbd10b4ce238f773 Mon Sep 17 00:00:00 2001
From: David Baumgold <david@davidbaumgold.com>
Date: Mon, 10 Nov 2014 12:07:22 -0500
Subject: [PATCH] Use @require_POST decorator for password reset view

---
 common/djangoapps/student/views.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/common/djangoapps/student/views.py b/common/djangoapps/student/views.py
index c51f995012..388a2b8bfe 100644
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -1790,11 +1790,9 @@ def activate_account(request, key):
 
 
 @csrf_exempt
+@require_POST
 def password_reset(request):
     """ Attempts to send a password reset e-mail. """
-    if request.method != "POST":
-        raise Http404
-
     # Add some rate limiting here by re-using the RateLimitMixin as a helper class
     limiter = BadRequestRateLimiter()
     if limiter.is_rate_limit_exceeded(request):