Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for custom CSRF cookie names #4049

Merged
merged 1 commit into from
Apr 26, 2016
Merged

Added support for custom CSRF cookie names #4049

merged 1 commit into from
Apr 26, 2016

Conversation

clintonb
Copy link
Contributor

Instead of hardcoding the CSRF cookie name, the value is passed to the template as a context variable, rendered as a JavaScript variable, and read by csrf.js.

refs #4048

jpadilla
jpadilla reviewed Apr 12, 2016
View reviewed changes
rest_framework/templates/rest_framework/admin.html
@@ -230,6 +230,9 @@ <h4 class="modal-title" id="myModalLabel">{{ error_title }}</h4>
{% if filter_form %}{{ filter_form }}{% endif %}

{% block script %}
<script>
var csrf_cookie_name = "{{ csrf_cookie_name|default:'csrftoken' }}";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we instead do something like:

window.drf = {
  csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
};

and use window.drf.csrfCookieName in csrf.js?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated.

@jpadilla
Copy link
Member

Good stuff @clintonb, just left one small comment.

@jpadilla
Copy link
Member

This reminds me, I should probably do some house cleaning of our client side stuff.

@clintonb
Added support for custom CSRF cookie names
9d9658f 
Instead of hardcoding the CSRF cookie name, the value is passed to the template as a context variable, rendered as a JavaScript variable, and read by csrf.js.

Fixes #4048
@clintonb
Copy link
Contributor Author

@jpadilla I addressed your comment. Let me know if any other changes are necessary to merge.

@jpadilla jpadilla added this to the 3.3.4 Release milestone Apr 26, 2016
@jpadilla jpadilla merged commit 4f16c54 into encode:master Apr 26, 2016
@jpadilla
Copy link
Member

@clintonb thanks!

@clintonb clintonb deleted the csrf-cookie-fix branch April 26, 2016 15:58
@xordoquy xordoquy modified the milestones: 3.4.0 Release, 3.3.4 Release Apr 27, 2016
@pyup-bot pyup-bot mentioned this pull request Oct 22, 2016
Merged
@pyup-bot pyup-bot mentioned this pull request Oct 30, 2016
Merged
@pyup-bot pyup-bot mentioned this pull request Feb 26, 2017
Merged
This was referenced Mar 9, 2017
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Enhancement
Projects
None yet
Milestone
3.4.0 Release
Development

Successfully merging this pull request may close these issues.
3 participants
@clintonb @jpadilla @xordoquy