From 45df7445f4dd21d08a6bddd084a113b73c957091 Mon Sep 17 00:00:00 2001
From: cbergmiller
Date: Fri, 27 Dec 2019 15:26:42 +0100
Subject: [PATCH] Read csrftoken from DOM if no cookie is set (#826)
---
 graphene_django/static/graphene_django/graphiql.js | 5 ++++-
 graphene_django/templates/graphene/graphiql.html | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/graphene_django/static/graphene_django/graphiql.js b/graphene_django/static/graphene_django/graphiql.js
index 2be7e3c..e38cd62 100644
--- a/graphene_django/static/graphene_django/graphiql.js
+++ b/graphene_django/static/graphene_django/graphiql.js
@@ -3,8 +3,11 @@
 // Parse the cookie value for a CSRF token
 var csrftoken;
 var cookies = ('; ' + document.cookie).split('; csrftoken=');
- if (cookies.length == 2)
+ if (cookies.length == 2) {
 csrftoken = cookies.pop().split(';').shift();
+ } else {
+ csrftoken = document.querySelector("[name=csrfmiddlewaretoken]").value;
+ }
 // Collect the URL parameters
 var parameters = {};
diff --git a/graphene_django/templates/graphene/graphiql.html b/graphene_django/templates/graphene/graphiql.html
index d0fb5a8..a0d0e1a 100644
--- a/graphene_django/templates/graphene/graphiql.html
+++ b/graphene_django/templates/graphene/graphiql.html
@@ -31,6 +31,7 @@ add "&raw" to the end of the URL within a browser.
 crossorigin="anonymous">
+ {% csrf_token %}
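Review bot: The new `else` branch in graphiql.js dereferences `document.querySelector("[name=csrfmiddlewaretoken]")` without a `null` check, so a page that loads this script without the hidden input (for example a project template that overrides graphiql.html and lacks `{% csrf_token %}`) throws a TypeError here and the rest of the script never runs; before this change `csrftoken` simply stayed undefined. Guard the lookup with `var csrfInput = document.querySelector("[name=csrfmiddlewaretoken]");` followed by `if (csrfInput) { csrftoken = csrfInput.value; }`. A short comment on the branch would also help the next reader, e.g. `// No readable csrftoken cookie (presumably CSRF_USE_SESSIONS or CSRF_COOKIE_HTTPONLY): fall back to the hidden input rendered by {% csrf_token %}`. The enclosing function starts and ends outside the hunk, so how `csrftoken` is consumed afterwards is not visible here.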