Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for custom CSRF cookie names #4049

Merged
merged 1 commit into from Apr 26, 2016
Merged

Added support for custom CSRF cookie names #4049

merged 1 commit into from Apr 26, 2016

Conversation

clintonb
Copy link
Contributor

@clintonb clintonb commented Apr 12, 2016

Instead of hardcoding the CSRF cookie name, the value is passed to the template as a context variable, rendered as a JavaScript variable, and read by csrf.js.

refs #4048

@@ -230,6 +230,9 @@ <h4 class="modal-title" id="myModalLabel">{{ error_title }}</h4>
{% if filter_form %}{{ filter_form }}{% endif %}

{% block script %}
<script>
var csrf_cookie_name = "{{ csrf_cookie_name|default:'csrftoken' }}";
Copy link
Member

@jpadilla jpadilla Apr 12, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we instead do something like:

window.drf = {
  csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
};

and use window.drf.csrfCookieName in csrf.js?

Copy link
Contributor Author

@clintonb clintonb Apr 12, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated.

@jpadilla
Copy link
Member

jpadilla commented Apr 12, 2016

Good stuff @clintonb, just left one small comment.

@jpadilla
Copy link
Member

jpadilla commented Apr 12, 2016

This reminds me, I should probably do some house cleaning of our client side stuff.

Instead of hardcoding the CSRF cookie name, the value is passed to the template as a context variable, rendered as a JavaScript variable, and read by csrf.js.

Fixes #4048
@clintonb
Copy link
Contributor Author

clintonb commented Apr 26, 2016

@jpadilla I addressed your comment. Let me know if any other changes are necessary to merge.

@jpadilla jpadilla added this to the 3.3.4 Release milestone Apr 26, 2016
@jpadilla jpadilla merged commit 4f16c54 into encode:master Apr 26, 2016
2 checks passed
@jpadilla
Copy link
Member

jpadilla commented Apr 26, 2016

@clintonb thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants