Get intercooler ajax requests working with csrf protection

This commit is contained in:
Jason McBrayer 2018-08-30 18:49:12 -04:00
parent fac30d819f
commit 77b79b32b8
2 changed files with 3 additions and 25 deletions

View File

@ -47,7 +47,7 @@ MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
#'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',

View File

@ -38,7 +38,8 @@
<link rel="icon" href="{% static "images/brutaldon.png" %}" type="image/png">
{% endif %}
</head>
<body class="has-navbar-fixed-top">
<body class="has-navbar-fixed-top"
ic-global-include='{"csrfmiddlewaretoken": "{{ csrf_token }}"}'>
{% block navbar %}
<nav class="navbar is-fixed-top" role="navigation"
aria-label="main navigation">
@ -185,29 +186,6 @@
});
$.ajaxSetup({
beforeSend: function(xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
}
});
</script>
{% block page_scripts_inline %}