read csrftoken from DOM if no cookie is set

2025-07-13 01:32:24 +03:00 · 2019-12-10 08:39:29 +01:00 · 2019-12-10 08:39:29 +01:00 · 64bb72d4c2
commit 64bb72d4c2
parent 968002f155
2 changed files with 5 additions and 1 deletions
--- a/graphene_django/static/graphene_django/graphiql.js
+++ b/graphene_django/static/graphene_django/graphiql.js
@ -3,8 +3,11 @@
  // Parse the cookie value for a CSRF token
  var csrftoken;
  var cookies = ('; ' + document.cookie).split('; csrftoken=');
-  if (cookies.length == 2)
+  if (cookies.length == 2) {
    csrftoken = cookies.pop().split(';').shift();
+  } else {
+    csrftoken = document.querySelector("[name=csrfmiddlewaretoken]").value;
+  }

  // Collect the URL parameters
  var parameters = {};
--- a/graphene_django/templates/graphene/graphiql.html
+++ b/graphene_django/templates/graphene/graphiql.html
@ -31,6 +31,7 @@ add "&raw" to the end of the URL within a browser.
          crossorigin="anonymous"></script>
 </head>
 <body>
+  {% csrf_token %}
  <script src="{% static 'graphene_django/graphiql.js' %}"></script>
 </body>
 </html>