Commit eb31801

seawolf42 authored and carltongibson committed
Made templates compatible with session-based CSRF. (#6207)
1 parent 1660469 commit eb31801

File tree

4 files changed

+14
-4
lines changed

rest_framework/static/rest_framework/js/csrf.js

Lines changed: 1 addition & 1 deletion
@@ -38,7 +38,7 @@ function sameOrigin(url) {
3838
!(/^(\/\/|http:|https:).*/.test(url));
3939
}
4040

41-
var csrftoken = getCookie(window.drf.csrfCookieName);
41+
var csrftoken = window.drf.csrfToken;
4242

4343
$.ajaxSetup({
4444
beforeSend: function(xhr, settings) {
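Review bot: with the cookie lookup gone, `getCookie` looks unreferenced in this file; if nothing else calls it, remove the dead helper rather than leaving a function that suggests the cookie path is still live. Also, `csrftoken` is now whatever the template inlined, so when `window.drf.csrfToken` is missing or empty (a template that extends base.html without a request, or a page that never defined `window.drf`) the `beforeSend` hook will send an `undefined` or empty `X-CSRFToken` header; consider guarding the header assignment with `if (csrftoken)` so the request fails clearly on the server side instead of sending a bogus value.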

rest_framework/templates/rest_framework/admin.html

Lines changed: 1 addition & 1 deletion
@@ -247,7 +247,7 @@ <h4 class="modal-title" id="myModalLabel">{{ error_title }}</h4>
247247
<script>
248248
window.drf = {
249249
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}",
250-
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
250+
csrfToken: "{{ csrf_token }}"
251251
};
252252
</script>
253253
<script src="{% static "rest_framework/js/jquery-3.3.1.min.js" %}"></script>
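Review bot: this template inlines `{{ csrf_token }}` unconditionally, whereas base.html in the same commit wraps it in `{% if request %}`; the two should behave the same way when rendered without a request, so either add the same guard here or document why admin.html always has a request. The token is also being placed inside a JavaScript string literal; HTML autoescaping is not the same as JS-string escaping, so `{{ csrf_token|escapejs }}` is the safer form even though Django's token is currently alphanumeric.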

rest_framework/templates/rest_framework/base.html

Lines changed: 1 addition & 1 deletion
@@ -290,7 +290,7 @@ <h1>{{ name }}</h1>
290290
<script>
291291
window.drf = {
292292
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}",
293-
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
293+
csrfToken: "{% if request %}{{ csrf_token }}{% endif %}"
294294
};
295295
</script>
296296
<script src="{% static "rest_framework/js/jquery-3.3.1.min.js" %}"></script>
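Review bot: the `{% if request %}` guard keeps the template renderable with no context (the new test covers that), but in that branch `csrfToken` becomes `""`, and nothing on this page stops csrf.js from sending that empty string as the `X-CSRFToken` header; the empty value should be treated as "no token" on the client side. As with admin.html, apply `|escapejs` to the value since it is emitted inside a JS string literal, not in an HTML attribute.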

tests/test_templates.py

Lines changed: 11 additions & 1 deletion
@@ -1,7 +1,17 @@
1+
import re
2+
13
from django.shortcuts import render
24

35

6+
def test_base_template_with_context():
7+
context = {'request': True, 'csrf_token': 'TOKEN'}
8+
result = render({}, 'rest_framework/base.html', context=context)
9+
assert re.search(r'\bcsrfToken: "TOKEN"', result.content.decode('utf-8'))
10+
11+
412
def test_base_template_with_no_context():
513
# base.html should be renderable with no context,
614
# so it can be easily extended.
7-
render({}, 'rest_framework/base.html')
15+
result = render({}, 'rest_framework/base.html')
16+
# note that this response will not include a valid CSRF token
17+
assert re.search(r'\bcsrfToken: ""', result.content.decode('utf-8'))
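Review bot: admin.html was changed in the same commit but gets no test here; add a render test for `rest_framework/admin.html` mirroring `test_base_template_with_context` so the `csrfToken: "TOKEN"` substitution is covered on both templates. The new test also passes `'request': True` rather than a request object, which works only because the template tests `{% if request %}` for truthiness; a `RequestFactory` request would exercise the real code path and keep the test valid if the template ever reads request attributes. The `csrfToken: ""` assertion in the no-context test is useful as it pins down the empty-token behaviour the JS side has to handle.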
