Make CSRF cookie and header names configuration based on django settings

Bob Reid 2019-02-20 16:37:55 -05:00
parent f76f38ef30
commit c8db1feb6b
2 changed files with 15 additions and 5 deletions


@ -26,7 +26,7 @@ add "&raw" to the end of the URL within a browser.
<script> <script>
// Parse the cookie value for a CSRF token // Parse the cookie value for a CSRF token
var csrftoken; var csrftoken;
var cookies = ('; ' + document.cookie).split('; csrftoken='); var cookies = ('; ' + document.cookie).split('; {{ csrf_cookie }}=');
if (cookies.length == 2) if (cookies.length == 2)
csrftoken = cookies.pop().split(';').shift(); csrftoken = cookies.pop().split(';').shift();
@ -66,7 +66,7 @@ add "&raw" to the end of the URL within a browser.
'Content-Type': 'application/json' 'Content-Type': 'application/json'
}; };
if (csrftoken) { if (csrftoken) {
headers['X-CSRFToken'] = csrftoken; headers['{{csrf_header}}'] = csrftoken;
} }
return fetch(fetchURL, { return fetch(fetchURL, {
method: 'post', method: 'post',
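Review bot: The two new template variables are written straight into JavaScript string literals (`split('; {{ csrf_cookie }}=')` and `headers['{{csrf_header}}']`), where Django's default HTML auto-escaping is not the right encoding. Both values come from settings, so this is hardening rather than a live bug, but I would render them as `{{ csrf_cookie|escapejs }}` and `{{ csrf_header|escapejs }}` so an unusual cookie or header name cannot break the script. Separately, reading the token from `document.cookie` finds nothing when `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS` is enabled, so the page then sends no CSRF header at all; a comment beside the cookie parsing should say so. Both hunks sit inside a script block that starts and ends outside the visible lines.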


@ -3,16 +3,16 @@ import json
import re import re
import six import six
from django.conf import settings
from django.http import HttpResponse, HttpResponseNotAllowed from django.http import HttpResponse, HttpResponseNotAllowed
from django.http.response import HttpResponseBadRequest from django.http.response import HttpResponseBadRequest
from django.shortcuts import render from django.shortcuts import render
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from django.views.generic import View
from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.csrf import ensure_csrf_cookie
from django.views.generic import View
from graphql import get_default_backend from graphql import get_default_backend
from graphql.error import format_error as format_graphql_error
from graphql.error import GraphQLError from graphql.error import GraphQLError
from graphql.error import format_error as format_graphql_error
from graphql.execution import ExecutionResult from graphql.execution import ExecutionResult
from graphql.type.schema import GraphQLSchema from graphql.type.schema import GraphQLSchema
@ -148,6 +148,8 @@ class GraphQLView(View):
variables=json.dumps(variables) or "", variables=json.dumps(variables) or "",
operation_name=operation_name or "", operation_name=operation_name or "",
result=result or "", result=result or "",
csrf_cookie=settings.CSRF_COOKIE_NAME,
csrf_header=self.get_csrf_header_name(settings.CSRF_HEADER_NAME),
) )
return HttpResponse( return HttpResponse(
@ -343,3 +345,11 @@ class GraphQLView(View):
meta = request.META meta = request.META
content_type = meta.get("CONTENT_TYPE", meta.get("HTTP_CONTENT_TYPE", "")) content_type = meta.get("CONTENT_TYPE", meta.get("HTTP_CONTENT_TYPE", ""))
return content_type.split(";", 1)[0].lower() return content_type.split(";", 1)[0].lower()
@staticmethod
def get_csrf_header_name(django_csrf_header_name):
header_name = django_csrf_header_name
if header_name.startswith('HTTP_'):
header_name = header_name[5:]
return header_name.replace('_', '-')
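Review bot: `get_csrf_header_name` at the end of this section has no docstring, and the bare `[5:]` slice hides what is being stripped. I would add `"""Convert a Django META-style key such as HTTP_X_CSRFTOKEN into the header name the client sends (X-CSRFTOKEN)."""` and write the slice as `header_name = header_name[len('HTTP_'):]`. The commit touches two files and neither looks like a test, so a small test covering a prefixed and an unprefixed `CSRF_HEADER_NAME` would pin the conversion. The import reordering in the first hunk is unrelated to the CSRF change and would read more clearly as its own commit; the `GraphQLView` class body extends outside the visible hunks.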