From dbfd77e661d7976adb46c62802103a6ea947e723 Mon Sep 17 00:00:00 2001
From: Clinton Blackburn <cblackburn@edx.org>
Date: Wed, 3 Jun 2015 17:14:21 -0400
Subject: [PATCH] Disabled CSRF Validation for checkout cancel page

CyberSource will POST to this view if the user cancels payment. CSRF validation cannot be enabled when this happens.

ECOM-1689
---
 lms/djangoapps/commerce/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lms/djangoapps/commerce/views.py b/lms/djangoapps/commerce/views.py
index da6042b00e..efbe3c7429 100644
--- a/lms/djangoapps/commerce/views.py
+++ b/lms/djangoapps/commerce/views.py
@@ -136,6 +136,7 @@ class BasketsView(APIView):
             return InternalRequestErrorResponse(ex.message)
 
 
+@csrf_exempt
 @cache_page(1800)
 def checkout_cancel(_request):
     """ Checkout/payment cancellation view. """