From 77f700f53c2fb8e5f1cc76fd4eb974699aa089c2 Mon Sep 17 00:00:00 2001
From: Diane Trout <diane@caltech.edu>
Date: Fri, 16 Sep 2011 17:31:08 -0700
Subject: [PATCH] Disable csrf protection for the json urls

---
 htsworkflow/frontend/experiments/experiments.py | 3 +++
 htsworkflow/frontend/samples/views.py           | 3 +++
 2 files changed, 6 insertions(+)
 mode change 100755 => 100644 htsworkflow/frontend/experiments/experiments.py

diff --git a/htsworkflow/frontend/experiments/experiments.py b/htsworkflow/frontend/experiments/experiments.py
old mode 100755
new mode 100644
index 3cdbc7b..1ccba52
--- a/htsworkflow/frontend/experiments/experiments.py
+++ b/htsworkflow/frontend/experiments/experiments.py
@@ -9,6 +9,7 @@ import os
 import re
 
 from django.contrib.auth.decorators import login_required
+from django.contrib.csrf.middleware import csrf_exempt
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.mail import send_mail, mail_admins
 from django.http import HttpResponse, Http404
@@ -78,6 +79,7 @@ def flowcell_information(flowcell_id):
 
     return info
 
+@csrf_exempt
 def flowcell_json(request, fc_id):
     """
     Return a JSON blob containing enough information to generate a config file.
@@ -117,6 +119,7 @@ def lanes_for(username=None):
                         'affiliations': affiliations_list})
     return result
 
+@csrf_exempt
 def lanes_for_json(request, username):
     """
     Format lanes for a user
diff --git a/htsworkflow/frontend/samples/views.py b/htsworkflow/frontend/samples/views.py
index 320559e..4703cd3 100644
--- a/htsworkflow/frontend/samples/views.py
+++ b/htsworkflow/frontend/samples/views.py
@@ -9,6 +9,7 @@ try:
 except ImportError, e:
     import simplejson as json
 
+from django.contrib.csrf.middleware import csrf_exempt
 from htsworkflow.frontend.auth import require_api_key
 from htsworkflow.frontend.experiments.models import FlowCell, Lane, LANE_STATUS_MAP
 from htsworkflow.frontend.samples.changelist import ChangeList
@@ -490,6 +491,7 @@ def library_dict(library_id):
         info['library_type'] = lib.library_type.name
     return info
 
+@csrf_exempt
 def library_json(request, library_id):
     """
     Return a json formatted library dictionary
@@ -504,6 +506,7 @@ def library_json(request, library_id):
     lib_json = json.dumps(lib)
     return HttpResponse(lib_json, mimetype='application/json')
 
+@csrf_exempt
 def species_json(request, species_id):
     """
     Return information about a species.
-- 
2.30.2