encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-10-31 16:07:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

Made templates compatible with session-based CSRF. (#6207)

Browse Source
This commit is contained in:
jeffrey k eliasen 2019-02-19 03:15:03 -08:00 committed by Carlton Gibson
parent 1660469ed8
commit eb3180173e
4 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rest_framework/static/rest_framework/js/csrf.js
View File

@ -38,7 +38,7 @@ function sameOrigin(url) {
!(/^(\/\/|http:|https:).*/.test(url));
}
var csrftoken = getCookie(window.drf.csrfCookieName);
var csrftoken = window.drf.csrfToken;
$.ajaxSetup({
beforeSend: function(xhr, settings) {

2
rest_framework/templates/rest_framework/admin.html
View File

@ -247,7 +247,7 @@
<script>
window.drf = {
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}",
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
csrfToken: "{{ csrf_token }}"
};
</script>
<script src="{% static "rest_framework/js/jquery-3.3.1.min.js" %}"></script>

2
rest_framework/templates/rest_framework/base.html
View File

@ -290,7 +290,7 @@
<script>
window.drf = {
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}",
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
csrfToken: "{% if request %}{{ csrf_token }}{% endif %}"
};
</script>
<script src="{% static "rest_framework/js/jquery-3.3.1.min.js" %}"></script>

12
tests/test_templates.py
View File

@ -1,7 +1,17 @@
import re
from django.shortcuts import render
def test_base_template_with_context():
context = {'request': True, 'csrf_token': 'TOKEN'}
result = render({}, 'rest_framework/base.html', context=context)
assert re.search(r'\bcsrfToken: "TOKEN"', result.content.decode('utf-8'))
def test_base_template_with_no_context():
# base.html should be renderable with no context,
# so it can be easily extended.
render({}, 'rest_framework/base.html')
result = render({}, 'rest_framework/base.html')
# note that this response will not include a valid CSRF token
assert re.search(r'\bcsrfToken: ""', result.content.decode('utf-8'))