@@ -11,17 +11,27 @@ logger = logging.getLogger(__name__)
class UnsubscribeForm(ModelForm):
class Meta:
model = Unsubscription
fields = ['email']
fields = ['email', 'mailout']
# Exempt from CSRF protection so that it can be triggered by Gmail's on-click
# unsubscribe.
@csrf_exempt
@csrf_exempt # Submitted directly by Gmail and similar - no CSRF token.
def unsubscribe(request):
"""Endpoint for use with Gmail one-click unsubscribe or similar.
Gmail now requires "List-Unsubscribe" headers for senders over a certain
monthly volume (currently 5000 emails). Add the following headers to your
mailout:
List-Unsubscribe: <https://sfconservancy.org/contacts/unsubscribe/?email=foo@bar.com&mailout=jan2024-news>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Interfaces like Gmail will then provide a user interface to unsubscribe
which will hit this endpoint.
"""
if request.method == 'POST':
logger.debug('Unsubscribe GET: %s', request.GET)
logger.debug('Unsubscribe POST: %s', request.POST)
form = UnsubscribeForm(request.GET | request.POST)
form = UnsubscribeForm(request.GET)
if form.is_valid():
form.save()
logger.info('Unsubscribed %s', form.cleaned_data['email'])