Ticket #12738: #12738-csrf_token_url_name_configurable.diff

File #12738-csrf_token_url_name_configurable.diff, 2.1 KB (added by German M. Bravo, 12 years ago)

  • django/middleware/csrf.py 

    diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index fd8ff30..bbc34df 100644
    a b class CsrfViewMiddleware(object):  
    169169            # Check non-cookie token for match.
    170170            request_csrf_token = ""
    171171            if request.method == "POST":
    172                 request_csrf_token = request.POST.get('csrfmiddlewaretoken', '')
     172                request_csrf_token = request.POST.get(settings.CSRF_INPUT_NAME, '')
    173173
    174174            if request_csrf_token == "":
    175175                # Fall back to X-CSRFToken, to make things easier for AJAX,

  • django/conf/global_settings.py 

    diff --git a/django/conf/global_settings.py b/django/conf/global_settings.py
index bd85c12..8739399 100644
    a b SIGNING_BACKEND = 'django.core.signing.TimestampSigner'  
    531531CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure'
    532532
    533533# Settings for CSRF cookie.
     534CSRF_INPUT_NAME = 'csrfmiddlewaretoken'
    534535CSRF_COOKIE_NAME = 'csrftoken'
    535536CSRF_COOKIE_DOMAIN = None
    536537CSRF_COOKIE_PATH = '/'

  • django/template/defaulttags.py 

    diff --git a/django/template/defaulttags.py b/django/template/defaulttags.py
index 954c5d6..ff21bff 100644
    a b class CsrfTokenNode(Node):  
    4545            if csrf_token == 'NOTPROVIDED':
    4646                return mark_safe(u"")
    4747            else:
    48                 return mark_safe(u"<div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='%s' /></div>" % csrf_token)
     48                return mark_safe(u"<div style='display:none'><input type='hidden' name='%s' value='%s' /></div>" % (settings.CSRF_INPUT_NAME, csrf_token))
    4949        else:
    5050            # It's very probable that the token is missing because of
    5151            # misconfiguration, so we raise a warning
    52             from django.conf import settings
    5352            if settings.DEBUG:
    5453                import warnings
    5554                warnings.warn("A {% csrf_token %} was used in a template, but the context did not provide the value.  This is usually caused by not using RequestContext.")
Back to Top