From: Ben Darnell <ben@bendarnell.com>
Date: Wed, 23 Feb 2011 18:08:00 +0000 (-0800)
Subject: OPTIONS should not require an XSRF token.
X-Git-Tag: v2.0.0~126
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7ae6c91c950f8eb7ff1f6b7bcc695414d079fc3;p=thirdparty%2Ftornado.git

OPTIONS should not require an XSRF token.

Closes #225.
---

diff --git a/tornado/web.py b/tornado/web.py
index 904336edd..06aacdccc 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -853,7 +853,7 @@ class RequestHandler(object):
                 raise HTTPError(405)
             # If XSRF cookies are turned on, reject form submissions without
             # the proper cookie
-            if self.request.method not in ("GET", "HEAD") and \
+            if self.request.method not in ("GET", "HEAD", "OPTIONS") and \
                self.application.settings.get("xsrf_cookies"):
                 self.check_xsrf_cookie()
             self.prepare()