mirror of https://github.com/haiwen/seahub.git synced 2025-09-18 08:16:07 +00:00

[csrf cookie] modification

llj
2018-08-30 18:19:03 +08:00
parent 0f59f84804
commit 20c33de178
5 changed files with 20 additions and 5 deletions


@@ -103,7 +103,7 @@ function addConfirmTo(op_ele, popup) {
$('<form>', {
"method": 'POST',
"action": $(this).data('url'),
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie('sfcsrftoken') + '" type="hidden">'
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie(SEAFILE_GLOBAL.csrfCookieName) + '" type="hidden">'
}).appendTo(document.body).trigger('submit');
} else { // default
location.href = $(this).data('url');
@@ -130,7 +130,7 @@ function addFormPost(op_ele) {
$('<form>', {
"method": 'POST',
"action": $(this).data('url'),
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie('sfcsrftoken') + '" type="hidden">'
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie(SEAFILE_GLOBAL.csrfCookieName) + '" type="hidden">'
}).appendTo(document.body).trigger('submit');
return false;
});
@@ -223,7 +223,7 @@ function getCookie(name) {
function prepareCSRFToken(xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('sfcsrftoken'));
xhr.setRequestHeader("X-CSRFToken", getCookie(SEAFILE_GLOBAL.csrfCookieName));
}
}
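Review bot: The cookie value is still spliced into an HTML string on the new `"html"` lines of both form builders (the `addConfirmTo` and `addFormPost` hunks), so a token containing a quote or angle bracket would be parsed as markup rather than as the field value. A cookie is client-side state that this code does not control, so it is safer to pass it as an attribute value. Drop the `"html"` key and chain `.append($('<input>', {type: 'hidden', name: 'csrfmiddlewaretoken', value: getCookie(SEAFILE_GLOBAL.csrfCookieName)}))` before `.appendTo(document.body)`. Both functions start and end outside the hunks shown, so the surrounding click handlers were not reviewed.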


@@ -128,7 +128,11 @@
<button class="simplemodal-close">{% trans "No" %}</button>
</div>
</div><!-- wrapper -->
<script type="text/javascript">
var SEAFILE_GLOBAL = {
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
};
</script>
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}" id="jquery"></script>{# 'id="jquery"' is for pdf file view with pdf2html #}
<script type="text/javascript" src="{% static "scripts/lib/jquery.simplemodal.js" %}"></script>
<script type="text/javascript" src="{% static "scripts/lib/jstree.min.js" %}"></script>
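Review bot: `'{{ CSRF_COOKIE_NAME }}'` is rendered inside a JavaScript string literal, where Django's default HTML autoescaping is the wrong encoding; use `csrfCookieName: '{{ CSRF_COOKIE_NAME|escapejs }}'` instead. The value presumably comes from settings, so it is operator-controlled and the practical risk is low. The filter still keeps a name containing a quote or backslash from being mangled or ending the literal early. The same line appears in the other three template sections of this commit (the `app.config` entry and the two further `SEAFILE_GLOBAL` blocks).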


@@ -79,7 +79,8 @@ var app = {
config: {
mediaUrl: '{{ MEDIA_URL }}',
siteRoot: '{{ SITE_ROOT }}',
loginUrl: '{{ LOGIN_URL }}'
loginUrl: '{{ LOGIN_URL }}',
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
}
};
app["pageOptions"] = {
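Review bot: This template publishes the cookie name as `app.config.csrfCookieName`, while the other templates in this commit define `SEAFILE_GLOBAL.csrfCookieName`, which is the only name the script in the first section reads. If that script is also loaded on this page (not visible here), `getCookie(SEAFILE_GLOBAL.csrfCookieName)` would throw a ReferenceError instead of attaching the token. Consider one shared location for the value, or a guarded read in the script such as `var csrfCookieName = (window.SEAFILE_GLOBAL || {}).csrfCookieName || 'sfcsrftoken';`. The `app` object literal starts before this hunk.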


@@ -15,6 +15,11 @@ html, body { padding:0; margin:0; height:100%; }
<div id="placeholder"></div>
{% get_current_language as LANGUAGE_CODE %}
<script type="text/javascript">
var SEAFILE_GLOBAL = {
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
};
</script>
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script>
<script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script>
<script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script>


@@ -38,6 +38,11 @@
<iframe id="office_frame" name="office_frame" class="hide" allowfullscreen ></iframe>
<script type="text/javascript">
var SEAFILE_GLOBAL = {
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
};
</script>
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script>
<script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script>
<script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script>