Merge pull request #4049 from clintonb/csrf-cookie-fix

jpadilla · jpadilla · commit 4f16c544282b · 2016-04-26T11:43:23.000-03:00
Added support for custom CSRF cookie names
diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py
@@ -12,6 +12,7 @@
 from collections import OrderedDict
 
 from django import forms
+from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured
 from django.core.paginator import Page
 from django.http.multipartparser import parse_header
@@ -657,7 +658,8 @@ def get_context(self, data, accepted_media_type, renderer_context):
 
             'display_edit_forms': bool(response.status_code != 403),
 
-            'api_settings': api_settings
+            'api_settings': api_settings,
+            'csrf_cookie_name': settings.CSRF_COOKIE_NAME,
         }
         return context
 
diff --git a/rest_framework/static/rest_framework/js/csrf.js b/rest_framework/static/rest_framework/js/csrf.js
@@ -33,7 +33,7 @@ function sameOrigin(url) {
         !(/^(\/\/|http:|https:).*/.test(url));
 }
 
-var csrftoken = getCookie('csrftoken');
+var csrftoken = getCookie(window.drf.csrfCookieName);
 
 $.ajaxSetup({
     beforeSend: function(xhr, settings) {
diff --git a/rest_framework/templates/rest_framework/admin.html b/rest_framework/templates/rest_framework/admin.html
@@ -230,6 +230,11 @@ <h4 class="modal-title" id="myModalLabel">{{ error_title }}</h4>
 {% if filter_form %}{{ filter_form }}{% endif %}
 
         {% block script %}
+            <script>
+              window.drf = {
+                csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
+              };
+            </script>
             <script src="{% static "rest_framework/js/jquery-1.11.3.min.js" %}"></script>
             <script src="{% static "rest_framework/js/ajax-form.js" %}"></script>
             <script src="{% static "rest_framework/js/csrf.js" %}"></script>
diff --git a/rest_framework/templates/rest_framework/base.html b/rest_framework/templates/rest_framework/base.html
@@ -258,6 +258,11 @@ <h1>{{ name }}</h1>
   </div><!-- ./wrapper -->
 
   {% block script %}
+    <script>
+      window.drf = {
+        csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
+      };
+    </script>
     <script src="{% static "rest_framework/js/jquery-1.11.3.min.js" %}"></script>
     <script src="{% static "rest_framework/js/ajax-form.js" %}"></script>
     <script src="{% static "rest_framework/js/csrf.js" %}"></script>

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ function sameOrigin(url) {`
`33`	`33`	`!(/^(\/\/\|http:\|https:).*/.test(url));`
`34`	`34`	`}`
`35`	`35`
`36`		`-var csrftoken = getCookie('csrftoken');`
	`36`	`+var csrftoken = getCookie(window.drf.csrfCookieName);`
`37`	`37`
`38`	`38`	`$.ajaxSetup({`
`39`	`39`	`beforeSend: function(xhr, settings) {`