Skip to content
This repository has been archived by the owner on Jun 20, 2018. It is now read-only.

Not standart csrf cookie name #19

Open
karech opened this issue Mar 11, 2015 · 0 comments
Open

Not standart csrf cookie name #19

karech opened this issue Mar 11, 2015 · 0 comments

Comments

@karech
Copy link

karech commented Mar 11, 2015

If you change CSRF_COOKIE_NAME in project settings, then nexus admin ajax requests will fail with 403 error. Problem in nexus/media/lib/nexus.js:38

...
if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
    xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
...

Fix: Pull request
@karech karech mentioned this issue Mar 11, 2015
Closed
adamchainz pushed a commit to adamchainz/nexus that referenced this issue Dec 31, 2015
Fix CSRF protection to work with non-standard CSRF cookie names
d3131d4 
Fixes disqus#19 with an updated version of disqus#18 with review changes. Thanks @karech and @graingert.
@adamchainz adamchainz mentioned this issue Dec 31, 2015
Merged
delinhabit pushed a commit to roverdotcom/disqus-nexus that referenced this issue Mar 17, 2016
@delinhabit
Fix CSRF protection to work with non-standard CSRF cookie names
586b3d7 
Fixes disqus#19 with an updated version of disqus#18 with review changes. Thanks @karech and @graingert.

Conflicts:
	HISTORY.rst
	nexus/templatetags/nexus_helpers.py
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@karech