mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-22 14:13:21 +00:00
core: workaround for crsf token in production for MarkdownInput
See https://docs.djangoproject.com/en/2.0/ref/csrf/#acquiring-the-token-if-csrf-use-sessions-is-true
This commit is contained in:
parent
3dda8eafc4
commit
d2c5908c89
@ -47,18 +47,9 @@ function display_notif() {
|
||||
// You can't get the csrf token from the template in a widget
|
||||
// We get it from a cookie as a workaround, see this link
|
||||
// https://docs.djangoproject.com/en/2.0/ref/csrf/#ajax
|
||||
function getCookie(cname) {
|
||||
var name = cname + "=";
|
||||
var decodedCookie = decodeURIComponent(document.cookie);
|
||||
var ca = decodedCookie.split(';');
|
||||
for(var i = 0; i <ca.length; i++) {
|
||||
var c = ca[i];
|
||||
while (c.charAt(0) == ' ') {
|
||||
c = c.substring(1);
|
||||
}
|
||||
if (c.indexOf(name) == 0) {
|
||||
return c.substring(name.length, c.length);
|
||||
}
|
||||
}
|
||||
return "";
|
||||
// Sadly, getting the cookie is not possible with CSRF_COOKIE_HTTPONLY or CSRF_USE_SESSIONS is True
|
||||
// So, the true workaround is to get the token from the dom
|
||||
// https://docs.djangoproject.com/en/2.0/ref/csrf/#acquiring-the-token-if-csrf-use-sessions-is-true
|
||||
function getCSRFToken() {
|
||||
return $("[name=csrfmiddlewaretoken]").val();
|
||||
}
|
@ -26,6 +26,9 @@
|
||||
|
||||
<body>
|
||||
|
||||
<!-- The token is always passed here to be accessible from the dom -->
|
||||
<!-- See this workaround https://docs.djangoproject.com/en/2.0/ref/csrf/#acquiring-the-token-if-csrf-use-sessions-is-true -->
|
||||
{% csrf_token %}
|
||||
<!-- BEGIN HEADER -->
|
||||
{% block header %}
|
||||
{% if not popup %}
|
||||
|
@ -18,7 +18,7 @@
|
||||
$.ajax({
|
||||
url: "{{ markdown_api_url }}",
|
||||
method: "POST",
|
||||
data: { text: plainText, csrfmiddlewaretoken: getCookie('csrftoken') },
|
||||
data: { text: plainText, csrfmiddlewaretoken: getCSRFToken() },
|
||||
}).done(function (msg) {
|
||||
preview.innerHTML = msg;
|
||||
});
|
||||
|
Loading…
Reference in New Issue
Block a user