From 00f3efa158e7afdfc5b8d7f3dbd4a045f8522526 Mon Sep 17 00:00:00 2001
From: Maxim Daniline
Date: Mon, 5 Feb 2018 16:56:37 +0000
Subject: [PATCH] Skip csrf protection on introspection endpoint
---
 oidc_provider/views.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/oidc_provider/views.py b/oidc_provider/views.py
index e66903d..c0c3abb 100644
--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@@ -1,5 +1,7 @@
 import logging
+from django.views.decorators.csrf import csrf_exempt
+
 from oidc_provider.lib.endpoints.introspection import TokenIntrospectionEndpoint
 try:
 from urllib import urlencode
@@ -381,6 +383,10 @@ class CheckSessionIframeView(View):
 class TokenIntrospectionView(View):
+ @method_decorator(csrf_exempt)
+ def dispatch(self, request, *args, **kwargs):
+ return super(TokenIntrospectionView, self).dispatch(request, *args, **kwargs)
+
 def post(self, request, *args, **kwargs):
 introspection = TokenIntrospectionEndpoint(request)
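Review bot: The `csrf_exempt` on `dispatch` in `TokenIntrospectionView` carries no comment saying why the exemption is safe, and once it is in place the only gate on this endpoint is whatever client authentication `TokenIntrospectionEndpoint` performs on the request. I would add above the decorator `# Called server-to-server with client credentials rather than a browser session cookie, so CSRF protection does not apply here.`, assuming that is how the endpoint authenticates. It is also worth confirming that a request carrying only a logged-in user's session cookie is rejected, since that validation and the rest of `post` are outside this hunk. `method_decorator` is not imported by the first hunk, so it is presumably already imported elsewhere in views.py.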