MAAS

1	diff --git a/src/maasserver/views/account.py b/src/maasserver/views/account.py
2	index 8ebcf39..72a27f4 100644
3	--- a/src/maasserver/views/account.py
4	+++ b/src/maasserver/views/account.py
5	@@ -27,6 +27,7 @@ from django.http import (
6	)
7	from django.middleware.csrf import get_token
8	from django.shortcuts import render
9	+from django.views.decorators.csrf import csrf_exempt
10	from maasserver.audit import create_audit_event
11	from maasserver.enum import ENDPOINT
12	from maasserver.models import UserProfile
13	@@ -153,6 +154,7 @@ def authenticate(request):
14	})
15
16
17	+@csrf_exempt
18	def csrf(request):
19	"""Get the CSRF token for the authenticated user."""
20	if request.method != "POST":
21	diff --git a/src/maasserver/views/tests/test_account.py b/src/maasserver/views/tests/test_account.py
22	index cbf0c2d..fe4999b 100644
23	--- a/src/maasserver/views/tests/test_account.py
24	+++ b/src/maasserver/views/tests/test_account.py
25	@@ -385,6 +385,9 @@ class TestCSRF(MAASServerTestCase):
26	self.assertThat(response, HasStatusCode(HTTPStatus.FORBIDDEN))
27
28	def test__returns_csrf(self):
29	+ # Force the client to test for CSRF because the view should be CSRF
30	+ # exempt. If not exempt then the `client.post` would fail.
31	+ self.client.handler.enforce_csrf_checks = True
32	self.client.login(user=factory.make_User())
33	response = self.client.post(reverse('csrf'))
34	self.assertThat(response, HasStatusCode(HTTPStatus.OK))

Merge ~blake-rouse/maas:fix-1844796 into maas:master