From 9270c7c77d57631da64ece358a3f8610d97187cb Mon Sep 17 00:00:00 2001 From: Greg Price Date: Mon, 10 Nov 2014 15:20:35 -0500 Subject: [PATCH] Make OAuth token login endpoint CSRF exempt --- common/djangoapps/student/views.py | 1 + 1 file changed, 1 insertion(+) diff --git a/common/djangoapps/student/views.py b/common/djangoapps/student/views.py index c51f995012..177c37dc84 100644 --- a/common/djangoapps/student/views.py +++ b/common/djangoapps/student/views.py @@ -1114,6 +1114,7 @@ def login_user(request, error=""): # pylint: disable-msg=too-many-statements,un }) # TODO: this should be status code 400 # pylint: disable=fixme +@csrf_exempt @require_POST @social_utils.strategy("social:complete") def login_oauth_token(request, backend):