From d46f4f982cf531d9e9ed54649b283a623b195360 Mon Sep 17 00:00:00 2001
From: Carl Rutherford
Date: Thu, 27 Apr 2017 11:54:31 +0100
Subject: [PATCH] Fix for #593 by exempting csrf for SSO
---
 security_monkey/sso/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security_monkey/sso/views.py b/security_monkey/sso/views.py
index c41fabad3..544db9e50 100644
--- a/security_monkey/sso/views.py
+++ b/security_monkey/sso/views.py
@@ -25,11 +25,13 @@ from .service import fetch_token_header_payload, get_rsa_public_key, setup_user
 from security_monkey.datastore import User
-from security_monkey import db, rbac
+from security_monkey import db, rbac, csrf
 from urlparse import urlparse
 mod = Blueprint('sso', __name__)
+# SSO providers implement their own CSRF protection
+csrf.exempt(mod)
 api = Api(mod)
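Review bot: `csrf.exempt(mod)` turns CSRF checking off for every view registered on the `sso` blueprint, including any added later, which is wider than the comment above it justifies. Provider-side protection only holds if each callback handler actually validates the provider's anti-forgery value (for example the OAuth `state` parameter, or the signature and `InResponseTo` of a SAML response). Those handlers are outside this hunk, so this needs confirming; without it the login endpoints would be exposed to login CSRF. I would limit the exemption to the endpoints that must accept cross-site requests from the identity provider, and make the comment name the replacement check, e.g. `# CSRF token check skipped: the IdP posts here cross-site; each handler must validate the provider's state value or signed assertion instead`.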