Added support for custom CSRF cookie names

Instead of hardcoding the CSRF cookie name, the value is passed to the template as a context variable, rendered as a JavaScript variable, and read by csrf.js.

Fixes #4048
Clinton Blackburn 2016-04-11 23:04:20 -04:00 committed by Clinton Blackburn
parent 08dad04b19
commit 9d9658f128
4 changed files with 14 additions and 2 deletions


@ -12,6 +12,7 @@ import json
from collections import OrderedDict from collections import OrderedDict
from django import forms from django import forms
from django.conf import settings
from django.core.exceptions import ImproperlyConfigured from django.core.exceptions import ImproperlyConfigured
from django.core.paginator import Page from django.core.paginator import Page
from django.http.multipartparser import parse_header from django.http.multipartparser import parse_header
@ -657,7 +658,8 @@ class BrowsableAPIRenderer(BaseRenderer):
'display_edit_forms': bool(response.status_code != 403), 'display_edit_forms': bool(response.status_code != 403),
'api_settings': api_settings 'api_settings': api_settings,
'csrf_cookie_name': settings.CSRF_COOKIE_NAME,
} }
return context return context


@ -33,7 +33,7 @@ function sameOrigin(url) {
!(/^(\/\/|http:|https:).*/.test(url)); !(/^(\/\/|http:|https:).*/.test(url));
} }
var csrftoken = getCookie('csrftoken'); var csrftoken = getCookie(window.drf.csrfCookieName);
$.ajaxSetup({ $.ajaxSetup({
beforeSend: function(xhr, settings) { beforeSend: function(xhr, settings) {
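Review bot: `window.drf` is dereferenced without a guard on the changed `getCookie(window.drf.csrfCookieName)` line, so a page that loads csrf.js without the new inline block throws a TypeError before `$.ajaxSetup` runs and no CSRF token is attached to later AJAX requests. Both templates in this commit define `window.drf` inside `{% block script %}`, so a project template that overrides that block and still includes csrf.js would presumably hit this. Falling back to the previous default keeps such pages working: `var csrftoken = getCookie((window.drf && window.drf.csrfCookieName) || 'csrftoken');`. The `$.ajaxSetup` call continues past the end of this hunk, so how the header is attached is not visible here.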


@ -230,6 +230,11 @@
{% if filter_form %}{{ filter_form }}{% endif %} {% if filter_form %}{{ filter_form }}{% endif %}
{% block script %} {% block script %}
<script>
window.drf = {
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
};
</script>
<script src="{% static "rest_framework/js/jquery-1.11.3.min.js" %}"></script> <script src="{% static "rest_framework/js/jquery-1.11.3.min.js" %}"></script>
<script src="{% static "rest_framework/js/ajax-form.js" %}"></script> <script src="{% static "rest_framework/js/ajax-form.js" %}"></script>
<script src="{% static "rest_framework/js/csrf.js" %}"></script> <script src="{% static "rest_framework/js/csrf.js" %}"></script>
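Review bot: The cookie name is written into a JavaScript string literal at `csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"` with only Django's HTML autoescaping, which is not the escaping this context needs: a backslash or line break in the value passes through unchanged, and HTML entities are not decoded inside `<script>`. The value comes from settings rather than request data, so this is a hardening point rather than an injection path, but `escapejs` is the matching filter: `csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken'|escapejs }}"`. The same line is added in the second template section further down. The new inline `<script>` also requires a Content-Security-Policy that permits inline scripts or a nonce, which deployments with a strict policy should account for.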


@ -258,6 +258,11 @@
</div><!-- ./wrapper --> </div><!-- ./wrapper -->
{% block script %} {% block script %}
<script>
window.drf = {
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
};
</script>
<script src="{% static "rest_framework/js/jquery-1.11.3.min.js" %}"></script> <script src="{% static "rest_framework/js/jquery-1.11.3.min.js" %}"></script>
<script src="{% static "rest_framework/js/ajax-form.js" %}"></script> <script src="{% static "rest_framework/js/ajax-form.js" %}"></script>
<script src="{% static "rest_framework/js/csrf.js" %}"></script> <script src="{% static "rest_framework/js/csrf.js" %}"></script>