From 80074ea20120598ad15ff2e1f4c8faacc88fef21 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Fri, 12 Jul 2019 12:12:15 +0200
Subject: [PATCH] middleware: prevent passive authentication on ajax requests
 (#34781)

---
 mellon/middleware.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mellon/middleware.py b/mellon/middleware.py
index 24b950b..bd9e82b 100644
--- a/mellon/middleware.py
+++ b/mellon/middleware.py
@@ -34,6 +34,9 @@ class PassiveAuthenticationMiddleware(object):
         return response
 
     def process_view(self, request, view_func, view_args, view_kwargs):
+        # Skip AJAX requests
+        if request.is_ajax():
+            return
         # Skip views asking to be skiped
         if getattr(view_func, 'mellon_no_passive', False):
             return