From e7ae6c91c950f8eb7ff1f6b7bcc695414d079fc3 Mon Sep 17 00:00:00 2001 From: Ben Darnell Date: Wed, 23 Feb 2011 10:08:00 -0800 Subject: [PATCH] OPTIONS should not require an XSRF token. Closes #225. --- tornado/web.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tornado/web.py b/tornado/web.py index 904336ed..06aacdcc 100644 --- a/tornado/web.py +++ b/tornado/web.py @@ -853,7 +853,7 @@ class RequestHandler(object): raise HTTPError(405) # If XSRF cookies are turned on, reject form submissions without # the proper cookie - if self.request.method not in ("GET", "HEAD") and \ + if self.request.method not in ("GET", "HEAD", "OPTIONS") and \ self.application.settings.get("xsrf_cookies"): self.check_xsrf_cookie() self.prepare()