From dad70c5ae3db7aaec1062f41b58ee96b984e3ad7 Mon Sep 17 00:00:00 2001
From: Piotr Mitros
Date: Fri, 13 Jan 2012 19:41:28 -0500
Subject: [PATCH] Proper from addresses, static view allows CSRF
---
 settings.py | 4 ++--
 static_template_view/views.py | 9 +++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/settings.py b/settings.py
index d1151a6e7a..9abff2f6ca 100644
--- a/settings.py
+++ b/settings.py
@@ -7,8 +7,8 @@ if not COURSEWARE_ENABLED:
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 SITE_NAME = "localhost:8000"
-DEFAULT_FROM_EMAIL = 'nobody@localhost'
-DEFAULT_FEEDBACK_EMAIL = 'nobody@localhost'
+DEFAULT_FROM_EMAIL = 'registration@mitx.mit.edu'
+DEFAULT_FEEDBACK_EMAIL = 'feedback@mitx.mit.edu'
 WIKI_REQUIRE_LOGIN_EDIT = True
 WIKI_REQUIRE_LOGIN_VIEW = True
diff --git a/static_template_view/views.py b/static_template_view/views.py
index 89707d2a2f..afe610c28a 100644
--- a/static_template_view/views.py
+++ b/static_template_view/views.py
@@ -6,11 +6,16 @@ from djangomako.shortcuts import render_to_response, render_to_string
 from django.shortcuts import redirect
-valid_templates=['index.html', 'staff.html', 'info.html', 'credits.html']
+from auth.views import csrf
+
+#valid_templates=['index.html', 'staff.html', 'info.html', 'credits.html']
+valid_templates=['mitx.html', 'index.html', 'courseinfo.html']
 def index(request, template):
+ csrf_token = csrf(request)['csrf_token']
 if template in valid_templates:
- return render_to_response(template,{})
+ return render_to_response(template,{'error' : '',
+ 'csrf': csrf_token})
 else:
 return redirect('/')
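Review bot: `csrf_token = csrf(request)['csrf_token']` runs before the `template in valid_templates` check, so a token is fetched even for requests that only receive `redirect('/')`. `auth.views.csrf` is not visible here; if it wraps Django's token getter, every such request also gets the CSRF cookie set, so move the lookup inside the `if` branch next to `render_to_response`. Delete the commented-out `#valid_templates=[...]` line instead of keeping it, and put a comment above the live list, e.g. `# Allowlist: only these template names may be rendered by index()`, so the check is not relaxed later. The token only protects anything if the listed templates emit the `csrf` value inside their POST forms, which this hunk does not show.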