When trying to use a `@method_decorator` to enforce a CSRF cookie on a
parent class's method, the `iscoroutinefunction` logic appears to
incorrectly detect that the decorated view is indeed async
(https://github.com/django/django/blob/74f7deec9e334a69bfbfdd068285618534198bd5/django/utils/decorators.py#L162-L192),
leading to an exception: `AttributeError: 'coroutine' object has no
attribute 'set_cookie'`
Steps to replicate:
1. Create a simple project with the below views and URLs.
2. GET `/view1/` and observe that you see "hi" in the response
3. GET `/view2/` and observe the above attribute error
Expected behavior:
- Steps 2 and 3 return identical results
{{{
# views.py
from typing import Any
from django.http.request import HttpRequest
from django.http.response import HttpResponse
from django.views import View
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import ensure_csrf_cookie
class View1(View):
@method_decorator(ensure_csrf_cookie)
async def dispatch(
self, request: HttpRequest, *args: Any, **kwargs: Any
) -> HttpResponse:
return await super().dispatch(request, *args, **kwargs)
async def get(self, request: HttpRequest):
return HttpResponse("hi")
@method_decorator(ensure_csrf_cookie, name="dispatch")
class View2(View1):
pass
}}}
{{{
# urls.py
import views
# snip
urlpatterns += [
path("/view1/", views.View1.as_view()),
path("/view2/", view.View2.as_view()),
]
}}}
Thanks!
--
Ticket URL: <https://code.djangoproject.com/ticket/35083>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.