Proper from addresses, static view allows CSRF

2012-01-13 19:41:28 -05:00
parent 55c10212f9
commit dad70c5ae3
2 changed files with 9 additions and 4 deletions
--- a/settings.py
+++ b/settings.py
@@ -7,8 +7,8 @@ if not COURSEWARE_ENABLED:
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 SITE_NAME = "localhost:8000"

-DEFAULT_FROM_EMAIL = 'nobody@localhost'
-DEFAULT_FEEDBACK_EMAIL = 'nobody@localhost'
+DEFAULT_FROM_EMAIL = 'registration@mitx.mit.edu'
+DEFAULT_FEEDBACK_EMAIL = 'feedback@mitx.mit.edu'

 WIKI_REQUIRE_LOGIN_EDIT = True
 WIKI_REQUIRE_LOGIN_VIEW = True
--- a/static_template_view/views.py
+++ b/static_template_view/views.py
@@ -6,11 +6,16 @@
 from djangomako.shortcuts import render_to_response, render_to_string
 from django.shortcuts import redirect

-valid_templates=['index.html', 'staff.html', 'info.html', 'credits.html']
+from auth.views import csrf
+
+#valid_templates=['index.html', 'staff.html', 'info.html', 'credits.html']
+valid_templates=['mitx.html', 'index.html', 'courseinfo.html']

 def index(request, template): 
+    csrf_token = csrf(request)['csrf_token']
    if template in valid_templates:
-        return render_to_response(template,{})
+        return render_to_response(template,{'error' : '',
+                                            'csrf': csrf_token})
    else:
        return redirect('/')