From f27f9ccf62cdae89afc6430047a8b3537e73e39e Mon Sep 17 00:00:00 2001
From: Ujjwal-Squadstack <73160338+Ujjwal-Squadstack@users.noreply.github.com>
Date: Mon, 19 Feb 2024 13:52:11 +0530
Subject: [PATCH 1/2] fix download_csv csrf

---
 explorer/__init__.py | 2 +-
 explorer/views.py    | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/explorer/__init__.py b/explorer/__init__.py
index 6d22b2ea..b18e5b5d 100644
--- a/explorer/__init__.py
+++ b/explorer/__init__.py
@@ -1,7 +1,7 @@
 __version_info__ = {
     'major': 0,
     'minor': 9,
-    'micro': 21,
+    'micro': 22,
     'releaselevel': 'final',
     'serial': 0
 }
diff --git a/explorer/views.py b/explorer/views.py
index ea892300..fa3b0ea5 100644
--- a/explorer/views.py
+++ b/explorer/views.py
@@ -103,12 +103,14 @@ def render_template(self, template, ctx):
         return render_to_response(template, ctx)
 
 
+@csrf_exempt
 @view_permission
 @require_GET
 def download_query(request, query_id):
     return _csv_response(request, query_id, False, delim=request.GET.get('delim', None))
 
 
+@csrf_exempt
 @view_permission
 @require_GET
 def view_csv_query(request, query_id):
@@ -126,6 +128,7 @@ def email_csv_query(request, query_id):
     return HttpResponse(status=403)
 
 
+@csrf_exempt
 def _csv_response(request, query_id, stream=False, delim=None):
     query = get_object_or_404(Query, pk=query_id)
     query.params = url_get_params(request)
@@ -133,6 +136,7 @@ def _csv_response(request, query_id, stream=False, delim=None):
                                                                                                          user=request.user)
 
 
+@csrf_exempt
 @change_permission
 @require_POST
 def download_csv_from_sql(request):
@@ -141,6 +145,7 @@ def download_csv_from_sql(request):
                                    user=request.user)
 
 
+@csrf_exempt
 @change_permission
 @require_GET
 def schema(request):

From cd254fb14d2e68930c9378554b78a1a4afcdcfe0 Mon Sep 17 00:00:00 2001
From: Ujjwal-Squadstack <73160338+Ujjwal-Squadstack@users.noreply.github.com>
Date: Mon, 19 Feb 2024 14:44:29 +0530
Subject: [PATCH 2/2] fix download_csv csrf

---
 explorer/__init__.py | 2 +-
 explorer/views.py    | 4 ----
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/explorer/__init__.py b/explorer/__init__.py
index b18e5b5d..ce120d90 100644
--- a/explorer/__init__.py
+++ b/explorer/__init__.py
@@ -1,7 +1,7 @@
 __version_info__ = {
     'major': 0,
     'minor': 9,
-    'micro': 22,
+    'micro': 23,
     'releaselevel': 'final',
     'serial': 0
 }
diff --git a/explorer/views.py b/explorer/views.py
index fa3b0ea5..7f7a4731 100644
--- a/explorer/views.py
+++ b/explorer/views.py
@@ -103,14 +103,12 @@ def render_template(self, template, ctx):
         return render_to_response(template, ctx)
 
 
-@csrf_exempt
 @view_permission
 @require_GET
 def download_query(request, query_id):
     return _csv_response(request, query_id, False, delim=request.GET.get('delim', None))
 
 
-@csrf_exempt
 @view_permission
 @require_GET
 def view_csv_query(request, query_id):
@@ -128,7 +126,6 @@ def email_csv_query(request, query_id):
     return HttpResponse(status=403)
 
 
-@csrf_exempt
 def _csv_response(request, query_id, stream=False, delim=None):
     query = get_object_or_404(Query, pk=query_id)
     query.params = url_get_params(request)
@@ -145,7 +142,6 @@ def download_csv_from_sql(request):
                                    user=request.user)
 
 
-@csrf_exempt
 @change_permission
 @require_GET
 def schema(request):