core: workaround for crsf token in production for MarkdownInput

See https://docs.djangoproject.com/en/2.0/ref/csrf/#acquiring-the-token-if-csrf-use-sessions-is-true
2025-07-09 19:40:19 +00:00 · 2018-12-20 18:19:50 +01:00
parent 3dda8eafc4
commit d2c5908c89
3 changed files with 9 additions and 15 deletions
--- a/core/templates/core/base.jinja
+++ b/core/templates/core/base.jinja
@ -26,6 +26,9 @@

    <body>

+        <!-- The token is always passed here to be accessible from the dom -->
+        <!-- See this workaround https://docs.djangoproject.com/en/2.0/ref/csrf/#acquiring-the-token-if-csrf-use-sessions-is-true -->
+        {% csrf_token %}
        <!-- BEGIN HEADER -->
        {% block header %}
        {% if not popup %}
--- a/core/templates/core/markdown_textarea.jinja
+++ b/core/templates/core/markdown_textarea.jinja
@ -18,7 +18,7 @@
 			$.ajax({
 				url: "{{ markdown_api_url }}",
 				method: "POST",
-				data: { text: plainText, csrfmiddlewaretoken: getCookie('csrftoken') },
+				data: { text: plainText, csrfmiddlewaretoken: getCSRFToken() },
 			}).done(function (msg) {
 				preview.innerHTML = msg;
 			});