Skip to content

D
django-rest-framework
Commit b76984d2 by Tom Christie Committed by GitHub
Options

Allow custom CSRF_HEADER_NAME setting. (#4415)

parent 966330a8
Showing with 11 additions and 2 deletions
rest_framework/renderers.py
...@@ -645,6 +645,12 @@ class BrowsableAPIRenderer(BaseRenderer): ...@@ -645,6 +645,12 @@ class BrowsableAPIRenderer(BaseRenderer):
else: else:
paginator = None paginator = None
csrf_cookie_name = settings.CSRF_COOKIE_NAME
csrf_header_name = getattr(settings, 'CSRF_HEADER_NAME', 'HTTP_X_CSRFToken') # Fallback for Django 1.8
if csrf_header_name.startswith('HTTP_'):
csrf_header_name = csrf_header_name[5:]
csrf_header_name = csrf_header_name.replace('_', '-')
context = { context = {
'content': self.get_content(renderer, data, accepted_media_type, renderer_context), 'content': self.get_content(renderer, data, accepted_media_type, renderer_context),
'view': view, 'view': view,
...@@ -675,7 +681,8 @@ class BrowsableAPIRenderer(BaseRenderer): ...@@ -675,7 +681,8 @@ class BrowsableAPIRenderer(BaseRenderer):
'display_edit_forms': bool(response.status_code != 403), 'display_edit_forms': bool(response.status_code != 403),
'api_settings': api_settings, 'api_settings': api_settings,
'csrf_cookie_name': settings.CSRF_COOKIE_NAME, 'csrf_cookie_name': csrf_cookie_name,
'csrf_header_name': csrf_header_name
} }
return context return context
......
rest_framework/static/rest_framework/js/csrf.js
...@@ -46,7 +46,7 @@ $.ajaxSetup({ ...@@ -46,7 +46,7 @@ $.ajaxSetup({
// Send the token to same-origin, relative URLs only. // Send the token to same-origin, relative URLs only.
// Send the token only if the method warrants CSRF protection // Send the token only if the method warrants CSRF protection
// Using the CSRFToken value acquired earlier // Using the CSRFToken value acquired earlier
xhr.setRequestHeader("X-CSRFToken", csrftoken); xhr.setRequestHeader(window.drf.csrfHeaderName, csrftoken);
} }
} }
}); });
rest_framework/templates/rest_framework/admin.html
...@@ -232,6 +232,7 @@ ...@@ -232,6 +232,7 @@
{% block script %} {% block script %}
<script> <script>
window.drf = { window.drf = {
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}"
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}" csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
}; };
</script> </script>
......
rest_framework/templates/rest_framework/base.html
...@@ -263,6 +263,7 @@ ...@@ -263,6 +263,7 @@
{% block script %} {% block script %}
<script> <script>
window.drf = { window.drf = {
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}"
csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}" csrfCookieName: "{{ csrf_cookie_name|default:'csrftoken' }}"
}; };
</script> </script>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment