Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork7k
Added support for custom CSRF cookie names#4049
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
| {% block script %} | ||
| <script> | ||
| varcsrf_cookie_name="{{ csrf_cookie_name|default:'csrftoken' }}"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Could we instead do something like:
window.drf={csrfCookieName:"{{ csrf_cookie_name|default:'csrftoken' }}"};
and usewindow.drf.csrfCookieName incsrf.js?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Updated.
jpadilla commentedApr 12, 2016
Good stuff@clintonb, just left one small comment. |
jpadilla commentedApr 12, 2016
This reminds me, I should probably do some house cleaning of our client side stuff. |
Instead of hardcoding the CSRF cookie name, the value is passed to the template as a context variable, rendered as a JavaScript variable, and read by csrf.js.Fixes#4048
clintonb commentedApr 26, 2016
@jpadilla I addressed your comment. Let me know if any other changes are necessary to merge. |
jpadilla commentedApr 26, 2016
@clintonb thanks! |
Instead of hardcoding the CSRF cookie name, the value is passed to the template as a context variable, rendered as a JavaScript variable, and read by csrf.js.
refs#4048