added csfr protection for api

members/static/js/members_routers.js

@@ -1,5 +1,11 @@
 var app = angular.module('memberApp', ['ngRoute']);
 
+
+myApp.config(['$httpProvider', function ($httpProvider) {
+    $httpProvider.defaults.xsrfCookieName = 'csrftoken';
+    $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
+}
+
 app.config(['$routeProvider', function($routeProvider){
     $routeProvider
         .when('/',{
@@ -14,6 +20,10 @@ app.config(['$routeProvider', function($routeProvider){
             templateUrl:"/static/html/lisaa_jasen.html",
             controller:'postController',
         })
+        .when('/edit/:id',{
+            templateUrl:"/static/html/muokkaa_jasenta.html",
+            controller:'editController',
+        })
         .otherwise({
             'redirectTo':"/"
         })

members/views.py

@@ -1,16 +1,20 @@
 from django.shortcuts import render, get_object_or_404
+from django.views.decorators.csrf import ensure_csrf_cookie
 from django.http import HttpResponse, HttpResponseBadRequest
 from django.core.exceptions import ValidationError
 from members.models import Member, MemberRequest
 import json
 
+@ensure_csrf_cookie
 def index(request, *args, **kwargs):
     return render(request, 'members_index.html',{})
 
+@ensure_csrf_cookie
 def members(request, *args, **kwargs):
     mems = list(map(lambda m: m.get_dict(),Member.objects.all()))
     return HttpResponse(json.dumps(mems))
 
+@ensure_csrf_cookie
 def member(request,*args, **kwargs):
 
     # get, put and delete together since all operate on existing objects
@@ -53,10 +57,12 @@ def member(request,*args, **kwargs):
         except ValueError:
             return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}')
 
+@ensure_csrf_cookie
 def member_requests(request, *args, **kwargs):
     reqs = list(map(lambda r: r.get_dict(),MemberRequest.objects.all()))
     return HttpResponse(json.dumps(reqs))
 
+@ensure_csrf_cookie
 def new_member_request(request, *args, **kwargs):
     try:
         data = json.loads(request.body.decode("utf-8"))
@@ -66,6 +72,7 @@ def new_member_request(request, *args, **kwargs):
     except ValueError:
         return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}')
 
+@ensure_csrf_cookie
 def handle_mem_request(request, idx, *args, **kwargs):
     try:
         req = MemberRequest.objects.get(pk=idx)