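// TODO: This file is intended to be deprecated as soon as the jQuery version
// in the admin is fixed
//
// Registers a jQuery `beforeSend` hook that copies Django's CSRF cookie into
// the X-CSRFToken request header, but only for requests that stay on the
// current origin. The token is a per-origin credential and must never be
// attached to a request for another host.
//
// Changes from the previous revision of this file:
//   * The two identical `beforeSend` bodies are now one function. The former
//     `return 'ready';` in the IIFE made `$.fn.cmsPatchCSRF` unreachable, so
//     the plugin method was never actually defined; it is now.
//   * `typeof(x) != undefined` (always true) is replaced by a plain truthiness
//     check on `settings.csrfTokenSet`.
//   * The same-origin test is case-insensitive on the scheme and treats
//     scheme-relative URLs as absolute, and no longer indexes
//     `document.URL.match(...)[0]` unconditionally (which threw on documents
//     whose URL is not http(s)).
//   * No header is set when the cookie is absent (previously the string
//     "null" was sent).
(function ($) {
    'use strict';

    var CSRF_COOKIE_NAME = 'csrftoken';
    var CSRF_HEADER_NAME = 'X-CSRFToken';

    // Trim without $.trim (deprecated in jQuery 3.5) and without relying on
    // String.prototype.trim being present in very old browsers.
    function trim(str) {
        return String(str).replace(/^\s+|\s+$/g, '');
    }

    // Read a cookie by name without jquery.cookie.js.
    //   name - cookie name to look up
    // Returns the decoded cookie value, or null when no such cookie is set.
    function getCookie(name) {
        if (!document.cookie) {
            return null;
        }
        var prefix = name + '=';
        var cookies = document.cookie.split(';');
        for (var i = 0; i < cookies.length; i++) {
            var cookie = trim(cookies[i]);
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, prefix.length) === prefix) {
                return decodeURIComponent(cookie.substring(prefix.length));
            }
        }
        return null;
    }

    // Decide whether a request described by `settings` stays on this origin.
    //
    // jQuery >= 1.5 computes `settings.crossDomain` before `beforeSend` runs;
    // when it says the request is cross-domain we trust it. It is not trusted
    // in the other direction (a caller may pass `crossDomain: false`, and old
    // jQuery versions leave it undefined), so the manual comparison below
    // always runs as well:
    //   * relative URLs resolve against the document and are same-origin;
    //   * absolute (`http(s)://host/...`) and scheme-relative (`//host/...`)
    //     URLs must match document.location's scheme and host:port.
    // Scheme/host matching is case-insensitive and backslashes are normalised
    // to slashes, because browsers parse `HTTP://` and `\\host` the same way
    // as `http://` and `//host`; leading whitespace is ignored for the same
    // reason.
    function isSameOrigin(settings) {
        if (settings.crossDomain === true) {
            return false;
        }
        var url = String(settings.url || '')
            .replace(/^\s+/, '')
            .replace(/\\/g, '/');
        if (!/^(\/\/|https?:)/i.test(url)) {
            // Relative URL: resolved against the document, hence same origin.
            return true;
        }
        var loc = document.location;
        var schemeRelative = ('//' + loc.host).toLowerCase(); // host includes the port
        var absolute = (loc.protocol + '//' + loc.host).toLowerCase();
        var lower = url.toLowerCase();
        return lower === absolute ||
            lower.indexOf(absolute + '/') === 0 ||
            lower === schemeRelative ||
            lower.indexOf(schemeRelative + '/') === 0;
    }

    // jQuery `beforeSend` hook: attach the CSRF cookie as the X-CSRFToken
    // header on same-origin requests.
    //   xhr      - the jqXHR/XMLHttpRequest about to be sent
    //   settings - the resolved $.ajax settings for this request; flagged with
    //              `csrfTokenSet = true` once the header has been added so
    //              other hooks leave it alone
    // Always returns true so the request proceeds; a missing cookie simply
    // means no header is set.
    function attachCsrfToken(xhr, settings) {
        if (settings.csrfTokenSet) {
            // CSRF token has already been set elsewhere so we won't touch it.
            return true;
        }
        if (isSameOrigin(settings)) {
            var token = getCookie(CSRF_COOKIE_NAME);
            if (token !== null) {
                xhr.setRequestHeader(CSRF_HEADER_NAME, token);
                settings.csrfTokenSet = true;
            }
        }
        return true;
    }

    // Register the hook globally for every $.ajax call.
    function install() {
        $.ajaxSetup({ beforeSend: attachCsrfToken });
    }

    install();

    // Plugin entry point for callers that (re-)apply the patch explicitly.
    // Re-registers the same hook and returns the jQuery set for chaining.
    $.fn.cmsPatchCSRF = function () {
        install();
        return this;
    };
})(jQuery);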