Merge pull request #614 from seanmorley15/development

Development

backend/server/adventures/middleware.py

@@ -29,4 +29,12 @@ class XSessionTokenMiddleware(MiddlewareMixin):
 class DisableCSRFForSessionTokenMiddleware(MiddlewareMixin):
     def process_request(self, request):
         if 'X-Session-Token' in request.headers:
-            setattr(request, '_dont_enforce_csrf_checks', True)
+            setattr(request, '_dont_enforce_csrf_checks', True)
+
+class DisableCSRFForMobileLoginSignup(MiddlewareMixin):
+    def process_request(self, request):
+        is_mobile = request.headers.get('X-Is-Mobile', '').lower() == 'true'
+        is_login_or_signup = request.path in ['/auth/browser/v1/auth/login', '/auth/browser/v1/auth/signup']
+        if is_mobile and is_login_or_signup:
+            setattr(request, '_dont_enforce_csrf_checks', True)
+       

backend/server/main/settings.py

@@ -71,6 +71,7 @@ MIDDLEWARE = (
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'adventures.middleware.XSessionTokenMiddleware',
     'adventures.middleware.DisableCSRFForSessionTokenMiddleware',
+    'adventures.middleware.DisableCSRFForMobileLoginSignup',
     'corsheaders.middleware.CorsMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',