mirror of https://github.com/haiwen/seahub.git synced 2025-09-19 18:29:23 +00:00

[csrf cookie] modification

llj
2018-08-30 18:19:03 +08:00
parent 0f59f84804
commit 20c33de178
5 changed files with 20 additions and 5 deletions


@@ -103,7 +103,7 @@ function addConfirmTo(op_ele, popup) {
$('<form>', { $('<form>', {
"method": 'POST', "method": 'POST',
"action": $(this).data('url'), "action": $(this).data('url'),
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie('sfcsrftoken') + '" type="hidden">' "html": '<input name="csrfmiddlewaretoken" value="' + getCookie(SEAFILE_GLOBAL.csrfCookieName) + '" type="hidden">'
}).appendTo(document.body).trigger('submit'); }).appendTo(document.body).trigger('submit');
} else { // default } else { // default
location.href = $(this).data('url'); location.href = $(this).data('url');
@@ -130,7 +130,7 @@ function addFormPost(op_ele) {
$('<form>', { $('<form>', {
"method": 'POST', "method": 'POST',
"action": $(this).data('url'), "action": $(this).data('url'),
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie('sfcsrftoken') + '" type="hidden">' "html": '<input name="csrfmiddlewaretoken" value="' + getCookie(SEAFILE_GLOBAL.csrfCookieName) + '" type="hidden">'
}).appendTo(document.body).trigger('submit'); }).appendTo(document.body).trigger('submit');
return false; return false;
}); });
@@ -223,7 +223,7 @@ function getCookie(name) {
function prepareCSRFToken(xhr, settings) { function prepareCSRFToken(xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally. // Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('sfcsrftoken')); xhr.setRequestHeader("X-CSRFToken", getCookie(SEAFILE_GLOBAL.csrfCookieName));
} }
} }
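Review bot: All three call sites (the two form builders and `prepareCSRFToken`) now dereference `SEAFILE_GLOBAL` unconditionally, so a page that loads this script without the inline `SEAFILE_GLOBAL` block throws a ReferenceError before the form is submitted or the `X-CSRFToken` header is set. Whether every template that includes this script defines the global is not visible here; resolving the name once with a fallback to the previous value keeps such pages working: `var csrfCookieName = (window.SEAFILE_GLOBAL && SEAFILE_GLOBAL.csrfCookieName) || 'sfcsrftoken';`. Separately, both form builders still concatenate the cookie value into an HTML string; appending an input built from an attribute map, `$('<input>', {type: 'hidden', name: 'csrfmiddlewaretoken', value: getCookie(csrfCookieName)})`, keeps the cookie value from being parsed as markup. The enclosing functions start and end outside these hunks.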


@@ -128,7 +128,11 @@
<button class="simplemodal-close">{% trans "No" %}</button> <button class="simplemodal-close">{% trans "No" %}</button>
</div> </div>
</div><!-- wrapper --> </div><!-- wrapper -->
<script type="text/javascript">
var SEAFILE_GLOBAL = {
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
};
</script>
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}" id="jquery"></script>{# 'id="jquery"' is for pdf file view with pdf2html #} <script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}" id="jquery"></script>{# 'id="jquery"' is for pdf file view with pdf2html #}
<script type="text/javascript" src="{% static "scripts/lib/jquery.simplemodal.js" %}"></script> <script type="text/javascript" src="{% static "scripts/lib/jquery.simplemodal.js" %}"></script>
<script type="text/javascript" src="{% static "scripts/lib/jstree.min.js" %}"></script> <script type="text/javascript" src="{% static "scripts/lib/jstree.min.js" %}"></script>
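Review bot: `'{{ CSRF_COOKIE_NAME }}'` is rendered inside a JavaScript string literal, where Django's default autoescaping (HTML entities) is the wrong encoding; use `csrfCookieName: '{{ CSRF_COOKIE_NAME|escapejs }}'`. The value comes from settings, so the practical risk is low, but a quote or backslash in it would break the script, and an HTML-escaped character would no longer match the real cookie name. The same line appears in the `app.config` block and in the two other templates that add `SEAFILE_GLOBAL` further down; since that block is repeated verbatim in three templates, a shared include would keep them in step. If `CSRF_COOKIE_NAME` is not supplied to a template's context it renders as an empty string and `getCookie('')` will not find the token; the context processor is not visible on this page.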


@@ -79,7 +79,8 @@ var app = {
config: { config: {
mediaUrl: '{{ MEDIA_URL }}', mediaUrl: '{{ MEDIA_URL }}',
siteRoot: '{{ SITE_ROOT }}', siteRoot: '{{ SITE_ROOT }}',
loginUrl: '{{ LOGIN_URL }}' loginUrl: '{{ LOGIN_URL }}',
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
} }
}; };
app["pageOptions"] = { app["pageOptions"] = {
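Review bot: `csrfCookieName` is added to `app.config` here, but the script changed in this commit reads `SEAFILE_GLOBAL.csrfCookieName`, and none of the five files shown reads `app.config.csrfCookieName`. If the code that consumes `app.config` still looks up the hard-coded `'sfcsrftoken'` cookie (not visible here), changing the cookie name in settings would leave its requests without a token. Exposing the name through a single global, or noting in a comment beside this key which script reads it, would make the two paths harder to let drift apart.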


@@ -15,6 +15,11 @@ html, body { padding:0; margin:0; height:100%; }
<div id="placeholder"></div> <div id="placeholder"></div>
{% get_current_language as LANGUAGE_CODE %} {% get_current_language as LANGUAGE_CODE %}
<script type="text/javascript">
var SEAFILE_GLOBAL = {
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
};
</script>
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script> <script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script>
<script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script> <script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script>
<script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script> <script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script>


@@ -38,6 +38,11 @@
<iframe id="office_frame" name="office_frame" class="hide" allowfullscreen ></iframe> <iframe id="office_frame" name="office_frame" class="hide" allowfullscreen ></iframe>
<script type="text/javascript">
var SEAFILE_GLOBAL = {
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
};
</script>
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script> <script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script>
<script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script> <script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script>
<script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script> <script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script>