Allow custom CSRF_HEADER_NAME setting. (#4415)

Tom Christie 2016-08-18 11:24:03 +01:00 committed by GitHub
parent 966330a85a
commit b76984d222
4 changed files with 11 additions and 2 deletions


@ -645,6 +645,12 @@ class BrowsableAPIRenderer(BaseRenderer):
else: else:
paginator = None paginator = None
csrf_cookie_name = settings.CSRF_COOKIE_NAME
csrf_header_name = getattr(settings, 'CSRF_HEADER_NAME', 'HTTP_X_CSRFToken') # Fallback for Django 1.8
if csrf_header_name.startswith('HTTP_'):
csrf_header_name = csrf_header_name[5:]
csrf_header_name = csrf_header_name.replace('_', '-')
context = { context = {
'content': self.get_content(renderer, data, accepted_media_type, renderer_context), 'content': self.get_content(renderer, data, accepted_media_type, renderer_context),
'view': view, 'view': view,
@ -675,7 +681,8 @@ class BrowsableAPIRenderer(BaseRenderer):
'display_edit_forms': bool(response.status_code != 403), 'display_edit_forms': bool(response.status_code != 403),
'api_settings': api_settings, 'api_settings': api_settings,
'csrf_cookie_name': settings.CSRF_COOKIE_NAME, 'csrf_cookie_name': csrf_cookie_name,
'csrf_header_name': csrf_header_name
} }
return context return context
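Review bot: The conversion after the `getattr` call has no comment saying why `HTTP_` is stripped and underscores become dashes; the only comment covers the Django 1.8 fallback. I would add above the `if`: `# CSRF_HEADER_NAME is a request.META key (e.g. 'HTTP_X_CSRFTOKEN'); the browser needs the header form ('X-CSRFTOKEN').` A setting value that lacks the `HTTP_` prefix is passed through silently, and it presumably cannot match the header Django's CSRF check reads, so a note on that case would help whoever debugs a rejected request. The enclosing method starts and ends outside the hunks shown.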


@ -46,7 +46,7 @@ $.ajaxSetup({
// Send the token to same-origin, relative URLs only. // Send the token to same-origin, relative URLs only.
// Send the token only if the method warrants CSRF protection // Send the token only if the method warrants CSRF protection
// Using the CSRFToken value acquired earlier // Using the CSRFToken value acquired earlier
xhr.setRequestHeader("X-CSRFToken", csrftoken); xhr.setRequestHeader(window.drf.csrfHeaderName, csrftoken);
} }
} }
}); });
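Review bot: `window.drf.csrfHeaderName` is used with no fallback, so a project template that overrides the `script` block and defines `window.drf` with only `csrfCookieName` (its shape before this commit) passes `undefined` as the header name, and unsafe requests will then fail the CSRF check. Keeping the old literal as a default avoids that: `xhr.setRequestHeader(window.drf.csrfHeaderName || "X-CSRFToken", csrftoken);`. The enclosing callback begins outside the hunk.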


@ -232,6 +232,7 @@
{% block script %} {% block script %}
<script> <script>
window.drf = { window.drf = {
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}"
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}" csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
}; };
</script> </script>
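Review bot: The added `csrfHeaderName` line has no trailing comma, so as shown the `window.drf` object literal is a JavaScript syntax error and the inline script fails to parse; `window.drf` is then never defined and the AJAX setup that reads it cannot attach the CSRF token. The line should end with a comma: `csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}",`. The same line in the hunk at `@ -263,6 +263,7` has the same defect. Because the value is rendered inside a JavaScript string literal, `|escapejs` is the matching filter here rather than HTML autoescaping alone.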


@ -263,6 +263,7 @@
{% block script %} {% block script %}
<script> <script>
window.drf = { window.drf = {
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}"
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}" csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
}; };
</script> </script>