Disable csrf protection for the json urls

[htsworkflow.git] / htsworkflow / frontend / experiments / experiments.py

diff --git a/htsworkflow/frontend/experiments/experiments.py b/htsworkflow/frontend/experiments/experiments.py
old mode 100755 (executable)
new mode 100644 (file)
index 3cdbc7b..1ccba52
--- a/htsworkflow/frontend/experiments/experiments.py
+++ b/htsworkflow/frontend/experiments/experiments.py
@@ -9,6 +9,7 @@ import os
 import re
 
 from django.contrib.auth.decorators import login_required
+from django.contrib.csrf.middleware import csrf_exempt
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.mail import send_mail, mail_admins
 from django.http import HttpResponse, Http404
@@ -78,6 +79,7 @@ def flowcell_information(flowcell_id):
 
     return info
 
+@csrf_exempt
 def flowcell_json(request, fc_id):
     """
     Return a JSON blob containing enough information to generate a config file.
@@ -117,6 +119,7 @@ def lanes_for(username=None):
                         'affiliations': affiliations_list})
     return result
 
+@csrf_exempt
 def lanes_for_json(request, username):
     """
     Format lanes for a user