Closed
4 changes: 2 additions & 2 deletions graphene_django/templates/graphene/graphiql.html
Expand Up @@ -26,7 +26,7 @@
<script>
// Parse the cookie value for a CSRF token
var csrftoken;
var cookies = ('; ' + document.cookie).split('; csrftoken=');
var cookies = ('; ' + document.cookie).split('; {{ csrf_cookie }}=');
if (cookies.length == 2)
csrftoken = cookies.pop().split(';').shift();

Expand Down Expand Up @@ -66,7 +66,7 @@
'Content-Type': 'application/json'
};
if (csrftoken) {
headers['X-CSRFToken'] = csrftoken;
headers['{{csrf_header}}'] = csrftoken;
}
return fetch(fetchURL, {
method: 'post',
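Review bot: `{{ csrf_cookie }}` and `{{csrf_header}}` are rendered inside JavaScript string literals, where Django's default HTML auto-escaping is the wrong encoder, so a setting value containing a quote or backslash would yield a broken or mis-parsed literal instead of the intended name. Both values come from settings rather than from the request, so this is hygiene more than an exposed injection point, but the JS-context filter is the right tool: `split('; {{ csrf_cookie|escapejs }}=')` and `headers['{{ csrf_header|escapejs }}'] = csrftoken;`. Separately, the token is still read from `document.cookie`, so with `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS` enabled the header would never be set. The script block continues outside both hunks, so I cannot see whether a DOM-based fallback exists.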
16 changes: 13 additions & 3 deletions graphene_django/views.py
Expand Up @@ -3,16 +3,16 @@
import re

import six
from django.conf import settings
from django.http import HttpResponse, HttpResponseNotAllowed
from django.http.response import HttpResponseBadRequest
from django.shortcuts import render
from django.utils.decorators import method_decorator
from django.views.generic import View
from django.views.decorators.csrf import ensure_csrf_cookie

from django.views.generic import View
from graphql import get_default_backend
from graphql.error import format_error as format_graphql_error
from graphql.error import GraphQLError
from graphql.error import format_error as format_graphql_error
from graphql.execution import ExecutionResult
from graphql.type.schema import GraphQLSchema

Expand Down Expand Up @@ -148,6 +148,8 @@ def dispatch(self, request, *args, **kwargs):
variables=json.dumps(variables) or "",
operation_name=operation_name or "",
result=result or "",
csrf_cookie=settings.CSRF_COOKIE_NAME,
csrf_header=self.get_csrf_header_name(settings.CSRF_HEADER_NAME),
)

return HttpResponse(
Expand Down Expand Up @@ -343,3 +345,11 @@ def get_content_type(request):
meta = request.META
content_type = meta.get("CONTENT_TYPE", meta.get("HTTP_CONTENT_TYPE", ""))
return content_type.split(";", 1)[0].lower()

@staticmethod
def get_csrf_header_name(django_csrf_header_name):
header_name = django_csrf_header_name
if header_name.startswith('HTTP_'):
header_name = header_name[5:]

return header_name.replace('_', '-')
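Review bot: `get_csrf_header_name`, added at the end of the file, has no docstring, and its conversion is not obvious to a reader who does not know that `CSRF_HEADER_NAME` is stored in WSGI `META` form. I would add `"""Convert Django's META-style CSRF_HEADER_NAME (e.g. HTTP_X_CSRFTOKEN) into the header name a client sends (X-CSRFTOKEN)."""`. The result keeps the setting's upper case, which works because HTTP header names are case-insensitive; a short comment such as `# case is left as-is: header names are case-insensitive` would stop a later reader from "fixing" it. The first hunk of this section also reorders imports unrelated to the CSRF change, which makes the functional diff harder to audit and would be cleaner as a separate commit.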