Get intercooler ajax requests working with csrf protection

2024-11-27 09:10:08 -05:00 · 2018-08-30 18:49:12 -04:00 · 2018-08-30 18:49:12 -04:00 · 77b79b32b8
commit 77b79b32b8
parent fac30d819f
2 changed files with 3 additions and 25 deletions
--- a/brutaldon/settings.py
+++ b/brutaldon/settings.py
@ -47,7 +47,7 @@ MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
-    #'django.middleware.csrf.CsrfViewMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
--- a/brutaldon/templates/base.html
+++ b/brutaldon/templates/base.html
@ -38,7 +38,8 @@
                <link rel="icon" href="{% static "images/brutaldon.png" %}" type="image/png">
            {% endif %}
    </head>
-    <body class="has-navbar-fixed-top">
+    <body class="has-navbar-fixed-top"
          ic-global-include='{"csrfmiddlewaretoken": "{{ csrf_token }}"}'>
        {% block navbar %}
            <nav class="navbar is-fixed-top" role="navigation"
                 aria-label="main navigation">
@ -185,29 +186,6 @@
             });
             $.ajaxSetup({
                 beforeSend: function(xhr, settings) {
                     function getCookie(name) {
                         var cookieValue = null;
                         if (document.cookie && document.cookie != '') {
                             var cookies = document.cookie.split(';');
                             for (var i = 0; i < cookies.length; i++) {
                                 var cookie = jQuery.trim(cookies[i]);
                                 // Does this cookie string begin with the name we want?
                                 if (cookie.substring(0, name.length + 1) == (name + '=')) {
                                     cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                                     break;
                                 }
                             }
                         }
                         return cookieValue;
                     }
                     if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
                         // Only send the token to relative URLs i.e. locally.
                         xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
                     }
                 }
             });
            </script>
            {% block page_scripts_inline %}