Ticket #15973: ajax_csrf_fix.patch

File ajax_csrf_fix.patch, 803 bytes (added by ehutch79@…, 14 years ago)

Modifies the AJAX CSRF code in the docs to look for the current page's domain as well as relative URLs.

  • docs/ref/contrib/csrf.txt

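--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -112,7 +112,8 @@ that allow headers to be set on every re
             }
             return cookieValue;
         }
-        if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+        var root = location.protocol + '//' + location.host;
+        if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url)) || settings.url.substr(0, root.length) === root  ) {
             // Only send the token to relative URLs i.e. locally.
             xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
         }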
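Review bot: The added test `settings.url.substr(0, root.length) === root` is a bare prefix match, so an absolute URL whose host merely begins with the page's host (a constructed example: `http://example.com.other.test/` when `root` is `http://example.com`) is treated as local and would get the `X-CSRFToken` header. Anchor the comparison at the end of the origin instead: `settings.url === root || settings.url.substr(0, root.length + 1) === root + '/'`. Protocol-relative URLs (`//host/path`) also pass the unchanged `http:`/`https:` test as if they were relative, so they should be excluded or compared against `'//' + location.host` in the same anchored way. The comment `// Only send the token to relative URLs i.e. locally.` no longer describes the condition and should mention same-origin absolute URLs. The enclosing function starts and ends outside the hunk.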