Handle csrf stored in sessions #111

Merged
merged 2 commits into from Nov 2, 2018

@Intestinall Intestinall commented Mar 3, 2018

This allows using CSRF_USE_SESSIONS = True, which stores the CSRF token in the session instead of cookies.
It checks whether the CSRF token is found in cookies; otherwise it tries to get the CSRF token from the session.

@Pyvonix

Pyvonix commented Mar 8, 2018

Useful modification!
When CSRF_USE_SESSIONS = True in settings.py we can't use markdownx => 403 error; with this modification the error is fixed.

@JeroenvO

It would be nice to have this implemented :)

@Pyvonix

Pyvonix commented Oct 27, 2018

Yes for sure, this feature will be very useful when we change the method to handle the CSRF token.
In this MR, @Darkaird proposes a simple way:

if we find the CSRF token:
   deal with it
else:
   search it in sessions

There is surely a "prettier" way, giving the mode used by Django to handle the token from settings.py, but this is much more complex, and this way can completely do the job.

The fact that the travis-ci job crashes should not be considered, because no language is set for the job that fails. What is necessary to add this feature, @adi- or @xenatisch?
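
The cookie-then-fallback lookup sketched in the comment above, as an added example that is not part of the thread or of django-markdownx's code. It assumes Django's default cookie name `csrftoken`, the default `X-CSRFToken` header, and a page that rendered `{% csrf_token %}`, so the token sits in a hidden `csrfmiddlewaretoken` input when `CSRF_USE_SESSIONS = True`; the function names are hypothetical.

```javascript
// Added example (not django-markdownx code): cookie first, then a fallback
// that still works when CSRF_USE_SESSIONS = True and no CSRF cookie exists.
// Assumptions: default cookie name "csrftoken"; the page rendered
// {% csrf_token %}, i.e. <input type="hidden" name="csrfmiddlewaretoken">.

function tokenFromCookie(cookieString, name = "csrftoken") {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    // Exact name match, so "xcsrftoken=..." is never mistaken for the token.
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

function resolveCsrfToken(doc) {
  const fromCookie = tokenFromCookie(doc.cookie);
  if (fromCookie) return fromCookie;
  // Session mode: Django sets no CSRF cookie, so read the token from the form.
  const input = doc.querySelector("input[name='csrfmiddlewaretoken']");
  return input && input.value ? input.value : null;
}

function csrfHeaders(doc) {
  const token = resolveCsrfToken(doc);
  // Fail early: a request without the header only yields the 403 from the thread.
  if (!token) throw new Error("CSRF token not found in cookie or form");
  return { "X-CSRFToken": token };
}

// Constructed stand-ins for `document`, so the example also runs under Node.
const cookieModeDoc = {
  cookie: "sessionid=abc; csrftoken=cookieTok123",
  querySelector: () => null,
};
const sessionModeDoc = {
  cookie: "sessionid=abc",
  querySelector: (sel) =>
    sel === "input[name='csrfmiddlewaretoken']" ? { value: "formTok456" } : null,
};

console.log(csrfHeaders(cookieModeDoc));
console.log(csrfHeaders(sessionModeDoc));
```

In a browser, pass `document` to `csrfHeaders` and merge the result into the headers of the upload or preview request.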

@JeroenvO

> There is surely a "prettier" way, giving the mode used by Django to handle the token from settings.py, but this is much more complex, and this way can completely do the job.

In that case Django has to parse the .js file as a template before serving it; that's not pretty either.

@adi-
Member

adi- commented Oct 28, 2018

But why is this bac787b#diff-fd2204ac82e19c15973d9a6bb1452905R126 line left in the code? It should be deleted.

@JeroenvO

JeroenvO commented Oct 28, 2018

Clearly a mistake indeed; I overlooked it in the diff. Can you correct or comment on this, @TheBuky?

@adi-
Member

adi- commented Oct 28, 2018

Also, please update the PR to the latest code from GitHub. There is already a fix for the travis error.

@Intestinall
Author

My bad, what a shameful newbie mistake...
I just edited it.

@Pyvonix

Pyvonix commented Nov 1, 2018

@adi- Can you be more precise about the PR?
Do we need to rebase branch Darkaird\patch-3 onto django-markdownx\develop or your master?

@adi- adi- merged commit e960556 into neutronX:master Nov 2, 2018
@Pyvonix Pyvonix mentioned this pull request Nov 15, 2018
ezarowny pushed a commit to EverLovedOrg/django-markdownx that referenced this pull request Dec 21, 2019
* Handle csrf stored in sessions

This allows using CSRF_USE_SESSIONS = True, which stores the csrf token in the session instead of cookies.tting CSRF_USE_SESSIONS = True.
It checks whether the csrf token is found in cookies; otherwise it tries to get the csrf token from the session.

* Remove useless line
@AjibsBaba

> This allows using CSRF_USE_SESSIONS = True, which stores the CSRF token in the session instead of cookies.
> It checks whether the CSRF token is found in cookies; otherwise it tries to get the CSRF token from the session.

This was helpful
