From f7fbfdba7d2d4d64a5ab880730bb10f107f42017 Mon Sep 17 00:00:00 2001
From: yuetsh <517252939@qq.com>
Date: Sun, 14 Jun 2026 08:02:06 -0600
Subject: [PATCH] fix(submission): revert unnecessary CSRF exemption on
 FormatCodeAPI

The CSRF 403 error was expected Django behavior (no CSRF cookie in curl).
FormatCodeAPI should follow SubmissionAPI's pattern (APIView, not CSRF-exempt).
Verified with GET request: /api/format_code returns 405 (correct route resolution).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 submission/views/oj.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/submission/views/oj.py b/submission/views/oj.py
index 1214fb0..24f266d 100644
--- a/submission/views/oj.py
+++ b/submission/views/oj.py
@@ -12,7 +12,7 @@ from options.options import SysOptions
 
 # from judge.dispatcher import JudgeDispatcher
 from problem.models import Problem, ProblemRuleType
-from utils.api import APIView, AsyncAPIView, CSRFExemptAPIView, validate_serializer
+from utils.api import APIView, AsyncAPIView, validate_serializer
 from utils.cache import cache
 from utils.captcha import Captcha
 from utils.throttling import TokenBucket
@@ -284,7 +284,7 @@ class SubmissionsTodayCount(AsyncAPIView):
         return self.success(count)
 
 
-class FormatCodeAPI(CSRFExemptAPIView):
+class FormatCodeAPI(APIView):
     @login_required
     @validate_serializer(FormatCodeSerializer)
     def post(self, request):