authorEvgeny Fadeev <evgeny.fadeev@gmail.com>2014-05-15 03:20:24 -0300
committerEvgeny Fadeev <evgeny.fadeev@gmail.com>2014-05-15 03:20:24 -0300
commit97f7e16ea22f265b59408c447af6139d530d9cd9 (patch)
treecc66ba7ee3965afaa3a501654e5b56cb3f7c7f4b
parent5ca8a04794d35e2f9b6955a2c45d9a3cc925cd4f (diff)
allowed use of custom csrf cookie name in js
-rw-r--r--askbot/media/js/utils.js29
-rw-r--r--askbot/templates/meta/bottom_scripts.html1
2 files changed, 17 insertions, 13 deletions
diff --git a/askbot/media/js/utils.js b/askbot/media/js/utils.js
index ef4309bd..a3eb2028 100644
--- a/askbot/media/js/utils.js
+++ b/askbot/media/js/utils.js
@@ -6,6 +6,21 @@ var mediaUrl = function(resource){
return askbot['settings']['static_url'] + 'default' + '/' + resource;
};
+var getCookie = function(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie != '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = $.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ return decodeURIComponent(cookie.substring(name.length + 1));
+ }
+ }
+ }
+ return cookieValue;
+};
+
var cleanUrl = function(url){
var re = new RegExp('//', 'g');
return url.replace(re, '/');
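Review bot: `getCookie` reads `name.length` without checking `name`, so a caller that passes an undefined cookie name gets a TypeError rather than a missing-cookie result; a guard such as `if (!name) { return null; }` at the top would make it fail safe. `decodeURIComponent` can also throw a URIError on a malformed percent sequence, and cookie text is not guaranteed to be well-formed, so wrapping that call in try/catch and returning null is worth the few lines. `cookieValue` is never reassigned, so the last statement can simply be `return null;`. The removed `getCSRFToken` returned `''` for a missing cookie while this returns `null`, so any caller that concatenates or compares the result should be checked.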
@@ -277,18 +292,6 @@ var notify = function() {
};
}();
-/*
- * CSRF token extractor
- */
-var getCSRFToken = function() {
- var re = /_csrf=([^;]*)/;
- var match = re.exec(document.cookie);
- if(match)
- return match[1];
- else
- return ''
-}
-
/* **************************************************** */
// Search query-string manipulation utils
@@ -1390,7 +1393,7 @@ CommentConvertLink.prototype.createDom = function(){
var csrf_token = this.makeElement('input');
csrf_token.attr('type', 'hidden');
csrf_token.attr('name', 'csrfmiddlewaretoken');
- csrf_token.attr('value', getCSRFToken());
+ csrf_token.attr('value', getCookie(askbot['settings']['csrfCookieName']));
element.append(csrf_token);
var submit = this.makeElement('input');
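Review bot: The new `value` assignment assumes that `askbot['settings']['csrfCookieName']` is already defined when `createDom` runs and that the CSRF cookie is readable from script. If a deployment enables Django's `CSRF_COOKIE_HTTPONLY`, `document.cookie` will not expose the token and `getCookie` returns null, so the form would be submitted without a token and presumably rejected. A fallback would be to read the token from a value rendered into the page. A comment on this line such as `// requires a script-readable CSRF cookie (CSRF_COOKIE_HTTPONLY must be off)` would document the assumption. createDom's body starts and ends outside the hunk.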
diff --git a/askbot/templates/meta/bottom_scripts.html b/askbot/templates/meta/bottom_scripts.html
index 3f1a6e57..c027258e 100644
--- a/askbot/templates/meta/bottom_scripts.html
+++ b/askbot/templates/meta/bottom_scripts.html
@@ -43,6 +43,7 @@
{% endif %}
askbot['data']['haveFlashNotifications'] = {{ user_messages|as_js_bool }};
askbot['data']['activeTab'] = '{{ active_tab }}';
+ askbot['settings']['csrfCookieName'] = '{{ settings.CSRF_COOKIE_NAME }}';
{% if search_state %}
askbot['data']['searchUrl'] = '{{ search_state.query_string()|escapejs }}';
{% else %}
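Review bot: The added `csrfCookieName` line interpolates `{{ settings.CSRF_COOKIE_NAME }}` into a quoted JavaScript string without `|escapejs`, unlike the `searchUrl` line two lines below it. The value is deployment configuration rather than user input, so the exposure is low, but a name containing a quote or backslash would break the script block, and HTML autoescaping (if it is enabled for this template) could alter the name so that `getCookie` never matches. Suggested form: `askbot['settings']['csrfCookieName'] = '{{ settings.CSRF_COOKIE_NAME|escapejs }}';`.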