getsentry / sentry-auth-saml2

SAML2 SSO provider for Sentry
Apache License 2.0

SLS url fail without referer #37

Closed kedare closed 5 years ago

kedare commented 5 years ago

Hello.

When trying to set up Single Sign out, my IdP contacts Sentry without a referer and it looks like this is the reason why it's not working. I can see this in the logs:

10:39:48 [WARNING] django.request: Forbidden (Referer checking failed - no Referer.): /saml/sls/xxx/ (status_code=403 request=<WSGIRequest: POST u'/saml/sls/xxx/'>)
10.0.0.23 - - [28/Nov/2018:10:39:48 +0000] "POST /saml/sls/xxx/ HTTP/1.0" 403 6498 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_181)"

Looks like this endpoint should have a @csrf_exempt?

Thanks.

kedare commented 5 years ago

Thanks for the fix :)

evanpurkhiser commented 5 years ago

Thanks for the report! You're right, the csrf_exempt decorator should definitely be on there.
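
A log check for the failure reported in this thread, as an added example that is not part of the issue or of sentry-auth-saml2: it pairs Django's "Referer checking failed" warning with access-log entries for POSTs to the SLS path that returned 403 and carried no Referer. The function name, the `/saml/sls/` prefix default and the two extra sample lines are assumptions; the log formats come from the two lines quoted in the report.

```python
import re
from collections import Counter

# Constructed sample: the two log lines quoted in the report, plus two
# made-up access-log lines that must NOT be flagged (a successful ACS POST
# and a GET, which Django's CSRF check does not apply to).
SAMPLE_LOG = '''\
10:39:48 [WARNING] django.request: Forbidden (Referer checking failed - no Referer.): /saml/sls/xxx/ (status_code=403 request=<WSGIRequest: POST u'/saml/sls/xxx/'>)
10.0.0.23 - - [28/Nov/2018:10:39:48 +0000] "POST /saml/sls/xxx/ HTTP/1.0" 403 6498 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_181)"
10.0.0.40 - - [28/Nov/2018:10:41:02 +0000] "POST /saml/acs/xxx/ HTTP/1.1" 200 512 "https://idp.example/" "Mozilla/5.0"
10.0.0.41 - - [28/Nov/2018:10:42:10 +0000] "GET /saml/sls/xxx/ HTTP/1.1" 403 6498 "-" "curl/7.58.0"
'''

# Django's CSRF rejection warning, in the shape shown in the report.
DJANGO_WARN = re.compile(
    r"django\.request: Forbidden \((?P<reason>Referer checking failed[^)]*)\): "
    r"(?P<path>\S+) \(status_code=403")
# Combined-format access log line.
ACCESS = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

def find_blocked_logouts(log_text, prefix="/saml/sls/"):
    """Return access-log hits for Referer-less POSTs to the SLS path that got 403."""
    warned = Counter()  # SLS paths Django reported rejecting on the Referer check
    hits = []
    for line in log_text.splitlines():
        m = DJANGO_WARN.search(line)
        if m and m["path"].startswith(prefix):
            warned[m["path"]] += 1
            continue
        m = ACCESS.match(line)
        if (m and m["method"] == "POST" and m["status"] == "403"
                and m["referer"] in ("", "-") and m["path"].startswith(prefix)):
            hits.append({"time": m["ts"], "client": m["ip"],
                         "path": m["path"], "user_agent": m["ua"]})
    for hit in hits:
        # True when a matching Django warning names the same path.
        hit["confirmed_by_django"] = warned[hit["path"]] > 0
    return hits

if __name__ == "__main__":
    for hit in find_blocked_logouts(SAMPLE_LOG):
        print(hit)
```

A confirmed hit means the logout request was rejected by the CSRF middleware before the SLS view ran.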