CSRF Middleware

class smarter.lib.django.middleware.csrf.SmarterCsrfViewMiddleware(get_response)[source]

Bases: CsrfViewMiddleware, SmarterRequestMixin

ASGI-safe CSRF middleware.

Extends Django’s CsrfViewMiddleware while preserving all Django request lifecycle invariants.

__init__(get_response)[source]

Note: this needs to exist.

something in the Python MRO requires it, even if it does nothing. If you remove this, you will get a mysterious error about something downstream expecting exactly one object.

allowed_origin_subdomains

csrf_trusted_origins_hosts

Django internals use this property.

We preserve compatibility while avoiding mutation of global settings.

property formatted_class_name: str

Returns the class name formatted for logging.

Returns:: The formatted class name as a string.
Return type:: str

get_dynamic_trusted_origins(request)[source]

Return request-scoped trusted origins.

IMPORTANT: - never mutate Django settings - always return a fresh list

Return type:: list[str]

process_view(request, callback, callback_args, callback_kwargs)[source]

Main CSRF enforcement hook.

IMPORTANT: - return None to continue processing - return HttpResponse to short-circuit - NEVER return self.get_response(request)