mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-26 02:54:20 +00:00
Merge branch 'makdown-editor' into 'master'
Workaround for crsf token in production for MarkdownInput See merge request ae/Sith!189
This commit is contained in:
commit
0f7f80e9d3
@ -47,18 +47,9 @@ function display_notif() {
|
|||||||
// You can't get the csrf token from the template in a widget
|
// You can't get the csrf token from the template in a widget
|
||||||
// We get it from a cookie as a workaround, see this link
|
// We get it from a cookie as a workaround, see this link
|
||||||
// https://docs.djangoproject.com/en/2.0/ref/csrf/#ajax
|
// https://docs.djangoproject.com/en/2.0/ref/csrf/#ajax
|
||||||
function getCookie(cname) {
|
// Sadly, getting the cookie is not possible with CSRF_COOKIE_HTTPONLY or CSRF_USE_SESSIONS is True
|
||||||
var name = cname + "=";
|
// So, the true workaround is to get the token from the dom
|
||||||
var decodedCookie = decodeURIComponent(document.cookie);
|
// https://docs.djangoproject.com/en/2.0/ref/csrf/#acquiring-the-token-if-csrf-use-sessions-is-true
|
||||||
var ca = decodedCookie.split(';');
|
function getCSRFToken() {
|
||||||
for(var i = 0; i <ca.length; i++) {
|
return $("[name=csrfmiddlewaretoken]").val();
|
||||||
var c = ca[i];
|
|
||||||
while (c.charAt(0) == ' ') {
|
|
||||||
c = c.substring(1);
|
|
||||||
}
|
|
||||||
if (c.indexOf(name) == 0) {
|
|
||||||
return c.substring(name.length, c.length);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return "";
|
|
||||||
}
|
}
|
@ -26,6 +26,9 @@
|
|||||||
|
|
||||||
<body>
|
<body>
|
||||||
|
|
||||||
|
<!-- The token is always passed here to be accessible from the dom -->
|
||||||
|
<!-- See this workaround https://docs.djangoproject.com/en/2.0/ref/csrf/#acquiring-the-token-if-csrf-use-sessions-is-true -->
|
||||||
|
{% csrf_token %}
|
||||||
<!-- BEGIN HEADER -->
|
<!-- BEGIN HEADER -->
|
||||||
{% block header %}
|
{% block header %}
|
||||||
{% if not popup %}
|
{% if not popup %}
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
$.ajax({
|
$.ajax({
|
||||||
url: "{{ markdown_api_url }}",
|
url: "{{ markdown_api_url }}",
|
||||||
method: "POST",
|
method: "POST",
|
||||||
data: { text: plainText, csrfmiddlewaretoken: getCookie('csrftoken') },
|
data: { text: plainText, csrfmiddlewaretoken: getCSRFToken() },
|
||||||
}).done(function (msg) {
|
}).done(function (msg) {
|
||||||
preview.innerHTML = msg;
|
preview.innerHTML = msg;
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user