Rooba
/
tornado
mirror of https://github.com/tornadoweb/tornado.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OPTIONS should not require an XSRF token. 

Closes #225.
This commit is contained in:
Ben Darnell 2011-02-23 10:08:00 -08:00
parent fb8736cdf1
commit e7ae6c91c9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tornado/web.py
View File

@ -853,7 +853,7 @@ class RequestHandler(object):
raise HTTPError(405)
# If XSRF cookies are turned on, reject form submissions without
# the proper cookie
if self.request.method not in ("GET", "HEAD") and \
if self.request.method not in ("GET", "HEAD", "OPTIONS") and \
self.application.settings.get("xsrf_cookies"):
self.check_xsrf_cookie()
self.prepare()