JsonResponse class, including comment wrapping. Extensions to other kinds of CSRF protection should be obvious. Good explanations of why such protections are needed would make excellent comments on this snippet.
This depends on the
json_encode method in snippet 800.
1 2 3 4 5 6 7 8 9 10 11 12
from snippet 800 import json_encode from django.http import HttpResponse class JsonResponse(HttpResponse): '''Like an HttpResponse, but encodes the data as JSON. The file-like operations probably won't do what you want.''' def __init__(self, obj, comment=True, **kw): json = json_encode(obj) if comment: # Put the JSON in comments to avoid CSRF issues: json = '/* %s */' % json super(JsonResponse, self).__init__(json, mimetype='application/json', **kw)