Opened 13 years ago

Last modified 13 years ago

#15973 closed Bug

Ajax CSRF code in docs doesn't always work. — at Initial Version

Reported by: ehutch79@…
Owned by: nobody
Component: Documentation
Version: 1.3
Severity: Normal
Keywords: (none)
Cc: (none)
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

While making sure URLs are local, simply filtering for relative URLs is not sufficient. Several libraries may end up requesting a fully qualified URL that is in fact local.

My suggestion is to change this line:

// Current docs: send the token only for relative URLs (no http:/https: scheme).
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {

to this:

// Origin of the current page, e.g. "http://example.com"
var root = location.protocol + '//' + location.host;

// Send the token for relative URLs, or for absolute URLs on this page's own origin.
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url)) || settings.url.substr(0, root.length) === root) {
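The following is an added example, not the snippet from the Django docs and not the reporter's patch. It shows a same-origin check that accepts relative, scheme-relative and absolute URLs on the page's own origin, and also handles the edge case a plain prefix comparison misses: with a root of `http://example.com`, a bare `substr(0, root.length) === root` test would also accept `http://example.com.evil.net/`, so the check below requires the origin to be followed by `/`, `?`, `#` or the end of the string. `protocol` and `host` are passed in as parameters (in a browser, pass `location.protocol` and `location.host`) so the function can be exercised outside a browser; the `beforeSend` wrapper and the `X-CSRFToken` header name follow the shape of the jQuery hook the ticket refers to.

```javascript
// Added example: decide whether an Ajax URL targets the current page's origin.
// Not Django's documented code and not the reporter's patch; `protocol` and
// `host` are supplied by the caller (location.protocol / location.host in a
// browser) so this runs outside a browser as well.
function startsWithOrigin(url, origin) {
  // Exact match, or origin followed by a path/query/fragment delimiter.
  // Scheme and host are case-insensitive, so compare the prefix lowercased.
  if (url.toLowerCase() === origin.toLowerCase()) {
    return true;
  }
  if (url.slice(0, origin.length).toLowerCase() !== origin.toLowerCase()) {
    return false;
  }
  var next = url.charAt(origin.length);
  // "http://example.com.evil.net" and "http://example.com:8080" fail here.
  return next === '/' || next === '?' || next === '#';
}

function sameOrigin(url, protocol, host) {
  var srOrigin = '//' + host;        // scheme-relative origin, e.g. //example.com
  var origin = protocol + srOrigin;  // absolute origin, e.g. http://example.com

  // A URL with no scheme and not scheme-relative is relative: always local.
  if (!/^(\/\/|[a-z][a-z0-9+.\-]*:)/i.test(url)) {
    return true;
  }
  // Absolute or scheme-relative URL: it must sit on this page's own origin.
  return startsWithOrigin(url, origin) || startsWithOrigin(url, srOrigin);
}

// Hook in the shape of jQuery's beforeSend: attach the CSRF header only for
// same-origin requests. Returns whether the header was attached.
function beforeSend(xhr, settings, csrftoken, protocol, host) {
  if (sameOrigin(settings.url, protocol, host)) {
    xhr.setRequestHeader('X-CSRFToken', csrftoken);
    return true;
  }
  return false;
}

// Constructed sample: a fake xhr that records headers, run against a few URLs.
function demo() {
  var headers = {};
  var xhr = { setRequestHeader: function (k, v) { headers[k] = v; } };
  var results = {};
  var urls = ['/api/', 'http://example.com/api/', '//example.com/api/',
              'http://example.com.evil.net/', 'https://example.com/', 'http://evil.net/'];
  for (var i = 0; i < urls.length; i++) {
    results[urls[i]] = beforeSend(xhr, { url: urls[i] }, 'constructed-token', 'http:', 'example.com');
  }
  return results;
}
```

The relative-URL branch returns true without consulting the origin, which is what the original docs snippet relied on; the two `startsWithOrigin` calls are what the reporter's patch adds, with the delimiter check closing the lookalike-domain and different-port cases.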

Change History (1)

by ehutch79@…, 13 years ago

Attachment: ajax_csrf_fix.patch added

Modifies the Ajax CSRF code in the docs to look for the current page's domain as well as relative URLs.
