graphql-python/graphene-django
1
1
Fork 0
mirror of https://github.com/graphql-python/graphene-django.git synced 2025-07-06 13:23:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Read CSRF token from DOM instead of cookie

Browse Source 
Fixes #307
This commit is contained in:
David Neale 2017-10-30 16:34:40 +00:00 committed by GitHub
parent 2600f0f041
commit 189a586cfb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
graphene_django/templates/graphene/graphiql.html
View File

@ -23,12 +23,10 @@ add "&raw" to the end of the URL within a browser.
<script src="//cdn.jsdelivr.net/graphiql/{{graphiql_version}}/graphiql.min.js"></script> <script src="//cdn.jsdelivr.net/graphiql/{{graphiql_version}}/graphiql.min.js"></script>
</head> </head>
<body> <body>
{% csrf_token %}
<script> <script>
// Parse the cookie value for a CSRF token // Parse the cookie value for a CSRF token
var csrftoken; var csrftoken = document.querySelector("[name=csrfmiddlewaretoken]").value;
var cookies = ('; ' + document.cookie).split('; csrftoken=');
if (cookies.length == 2)
csrftoken = cookies.pop().split(';').shift();
// Collect the URL parameters // Collect the URL parameters
var parameters = {}; var parameters = {};