mirror of
https://github.com/haiwen/seahub.git
synced 2025-09-20 02:48:51 +00:00
[csrf cookie] modification
This commit is contained in:
llj
@@ -103,7 +103,7 @@ function addConfirmTo(op_ele, popup) {
|
|||||||
$('<form>', {
|
$('<form>', {
|
||||||
"method": 'POST',
|
"method": 'POST',
|
||||||
"action": $(this).data('url'),
|
"action": $(this).data('url'),
|
||||||
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie('sfcsrftoken') + '" type="hidden">'
|
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie(SEAFILE_GLOBAL.csrfCookieName) + '" type="hidden">'
|
||||||
}).appendTo(document.body).trigger('submit');
|
}).appendTo(document.body).trigger('submit');
|
||||||
} else { // default
|
} else { // default
|
||||||
location.href = $(this).data('url');
|
location.href = $(this).data('url');
|
||||||
@@ -130,7 +130,7 @@ function addFormPost(op_ele) {
|
|||||||
$('<form>', {
|
$('<form>', {
|
||||||
"method": 'POST',
|
"method": 'POST',
|
||||||
"action": $(this).data('url'),
|
"action": $(this).data('url'),
|
||||||
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie('sfcsrftoken') + '" type="hidden">'
|
"html": '<input name="csrfmiddlewaretoken" value="' + getCookie(SEAFILE_GLOBAL.csrfCookieName) + '" type="hidden">'
|
||||||
}).appendTo(document.body).trigger('submit');
|
}).appendTo(document.body).trigger('submit');
|
||||||
return false;
|
return false;
|
||||||
});
|
});
|
||||||
@@ -223,7 +223,7 @@ function getCookie(name) {
|
|||||||
function prepareCSRFToken(xhr, settings) {
|
function prepareCSRFToken(xhr, settings) {
|
||||||
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
|
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
|
||||||
// Only send the token to relative URLs i.e. locally.
|
// Only send the token to relative URLs i.e. locally.
|
||||||
xhr.setRequestHeader("X-CSRFToken", getCookie('sfcsrftoken'));
|
xhr.setRequestHeader("X-CSRFToken", getCookie(SEAFILE_GLOBAL.csrfCookieName));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -128,7 +128,11 @@
|
|||||||
<button class="simplemodal-close">{% trans "No" %}</button>
|
<button class="simplemodal-close">{% trans "No" %}</button>
|
||||||
</div>
|
</div>
|
||||||
</div><!-- wrapper -->
|
</div><!-- wrapper -->
|
||||||
|
<script type="text/javascript">
|
||||||
|
var SEAFILE_GLOBAL = {
|
||||||
|
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
|
||||||
|
};
|
||||||
|
</script>
|
||||||
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}" id="jquery"></script>{# 'id="jquery"' is for pdf file view with pdf2html #}
|
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}" id="jquery"></script>{# 'id="jquery"' is for pdf file view with pdf2html #}
|
||||||
<script type="text/javascript" src="{% static "scripts/lib/jquery.simplemodal.js" %}"></script>
|
<script type="text/javascript" src="{% static "scripts/lib/jquery.simplemodal.js" %}"></script>
|
||||||
<script type="text/javascript" src="{% static "scripts/lib/jstree.min.js" %}"></script>
|
<script type="text/javascript" src="{% static "scripts/lib/jstree.min.js" %}"></script>
|
||||||
|
|||||||
@@ -79,7 +79,8 @@ var app = {
|
|||||||
config: {
|
config: {
|
||||||
mediaUrl: '{{ MEDIA_URL }}',
|
mediaUrl: '{{ MEDIA_URL }}',
|
||||||
siteRoot: '{{ SITE_ROOT }}',
|
siteRoot: '{{ SITE_ROOT }}',
|
||||||
loginUrl: '{{ LOGIN_URL }}'
|
loginUrl: '{{ LOGIN_URL }}',
|
||||||
|
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
app["pageOptions"] = {
|
app["pageOptions"] = {
|
||||||
|
|||||||
@@ -15,6 +15,11 @@ html, body { padding:0; margin:0; height:100%; }
|
|||||||
<div id="placeholder"></div>
|
<div id="placeholder"></div>
|
||||||
|
|
||||||
{% get_current_language as LANGUAGE_CODE %}
|
{% get_current_language as LANGUAGE_CODE %}
|
||||||
|
<script type="text/javascript">
|
||||||
|
var SEAFILE_GLOBAL = {
|
||||||
|
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
|
||||||
|
};
|
||||||
|
</script>
|
||||||
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script>
|
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script>
|
||||||
<script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script>
|
<script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script>
|
||||||
<script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script>
|
<script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script>
|
||||||
|
|||||||
@@ -38,6 +38,11 @@
|
|||||||
|
|
||||||
<iframe id="office_frame" name="office_frame" class="hide" allowfullscreen ></iframe>
|
<iframe id="office_frame" name="office_frame" class="hide" allowfullscreen ></iframe>
|
||||||
|
|
||||||
|
<script type="text/javascript">
|
||||||
|
var SEAFILE_GLOBAL = {
|
||||||
|
csrfCookieName: '{{ CSRF_COOKIE_NAME }}'
|
||||||
|
};
|
||||||
|
</script>
|
||||||
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script>
|
<script type="text/javascript" src="{% static "scripts/lib/jquery.min.js" %}"></script>
|
||||||
<script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script>
|
<script type="text/javascript" src="{{ MEDIA_URL }}js/jq.min.js"></script>
|
||||||
<script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script>
|
<script type="text/javascript" src="{{ MEDIA_URL }}js/base.js"></script>
|
||||||
|
|||||||
Reference in New Issue
Block a user