Ticket #8127: csrf_check_ajax_requests_too.diff

File csrf_check_ajax_requests_too.diff, 890 bytes (added by Jeroen Pulles <jeroen.pulles@…>, 16 years ago)

Get the CSRF token from HTTP headers when using Ajax requests

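--- a/middleware.py
+++ b/middleware.py
@@ -51,10 +51,13 @@
 
             csrf_token = _make_token(session_id)
             # check incoming token
-            try:
-                request_csrf_token = request.POST['csrfmiddlewaretoken']
-            except KeyError:
-                return HttpResponseForbidden(_ERROR_MSG)
+            if request.is_ajax():
+                request_csrf_token = request.META.get('HTTP_X_CSRFMIDDLEWARETOKEN')
+            else:
+                try:
+                    request_csrf_token = request.POST['csrfmiddlewaretoken']
+                except KeyError:
+                    return HttpResponseForbidden(_ERROR_MSG)
 
             if request_csrf_token != csrf_token:
                 return HttpResponseForbidden(_ERROR_MSG)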
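Review bot: The new `is_ajax()` branch rejects an Ajax request that carries the token in the POST body instead of the header, and it handles a missing header only implicitly: `request.META.get(...)` yields `None`, which is refused by the later `!=` comparison rather than by an explicit check like the non-Ajax branch has. Splitting on `is_ajax()` is not needed for the check to be safe — a plain cross-site form post cannot set a custom header, so accepting the header for every request and falling back to the POST field keeps both transports working and makes the missing-token rejection explicit in one place. The `request.method == 'POST'` guard and the rest of the enclosing function lie outside the hunk, so the fallback below assumes that guard still precedes this code.
```python
            # check incoming token: header first (Ajax), then the form field
            request_csrf_token = request.META.get('HTTP_X_CSRFMIDDLEWARETOKEN')
            if request_csrf_token is None:
                request_csrf_token = request.POST.get('csrfmiddlewaretoken')
            if request_csrf_token is None:
                return HttpResponseForbidden(_ERROR_MSG)
            # … unchanged: comparison against csrf_token …
```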