Merge pull request #54 from dokterbob/iambrandontaylor-csrf

Added jQuery tool for doing proper CSRF with AJAX
master
Brandon Taylor 2013-09-04 13:18:33 -07:00
commit 6e334a2ef9
4 changed files with 34 additions and 2 deletions


@ -223,6 +223,7 @@ Example:
js = ( js = (
'//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js', '//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js',
'//ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js', '//ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js',
'adminsortable/js/jquery.django-csrf.js',
# 'adminsortable/js/admin.sortable.stacked.inlines.js', # 'adminsortable/js/admin.sortable.stacked.inlines.js',
'adminsortable/js/admin.sortable.tabular.inlines.js', 'adminsortable/js/admin.sortable.tabular.inlines.js',
) )


@ -19,7 +19,6 @@ from django.contrib.contenttypes.models import ContentType
from django.http import HttpResponse from django.http import HttpResponse
from django.shortcuts import render from django.shortcuts import render
from django.template.defaultfilters import capfirst from django.template.defaultfilters import capfirst
from django.views.decorators.csrf import csrf_exempt
from adminsortable.utils import get_is_sortable from adminsortable.utils import get_is_sortable
from adminsortable.fields import SortableForeignKey from adminsortable.fields import SortableForeignKey
@ -212,7 +211,6 @@ class SortableAdmin(SortableAdminBase, ModelAdmin):
return super(SortableAdmin, self).change_view(request, object_id, return super(SortableAdmin, self).change_view(request, object_id,
extra_context=extra_context) extra_context=extra_context)
@csrf_exempt
def do_sorting_view(self, request, model_type_id=None): def do_sorting_view(self, request, model_type_id=None):
""" """
This view sets the ordering of the objects for the model type This view sets the ordering of the objects for the model type


@ -0,0 +1,32 @@
// using jQuery
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie !== '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
crossDomain: false, // obviates need for sameOrigin test
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type)) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});
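Review bot: `crossDomain: false` at the top of the `$.ajaxSetup` call switches off jQuery's own same-origin detection for every request made through this jQuery instance, so the `beforeSend` hook on the following lines attaches `X-CSRFToken` to any non-safe request any script on the page issues, including requests to other origins, which would hand the token to a third party. Drop the `crossDomain: false` line and let jQuery's check gate the header: `if (!csrfSafeMethod(settings.type) && !this.crossDomain) {`. Separately, `csrftoken` is captured once at script load, so a token rotated later in the session (e.g. after a login) goes stale; calling `getCookie('csrftoken')` inside `beforeSend` reads the current value per request. `getCookie` returns `null` when the cookie is absent and the header is then sent with the string "null"; skipping `setRequestHeader` in that case gives a clearer failure.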


@ -10,6 +10,7 @@
{% if has_sortable_tabular_inlines or has_sortable_stacked_inlines %} {% if has_sortable_tabular_inlines or has_sortable_stacked_inlines %}
{% include sortable_javascript_includes_template with inlines=True %} {% include sortable_javascript_includes_template with inlines=True %}
{% endif %} {% endif %}
<script type="text/javascript" src="{% static 'adminsortable/js/jquery.django-csrf.js' %}"></script>
{% if has_sortable_tabular_inlines %} {% if has_sortable_tabular_inlines %}
<script type="text/javascript" src="{% static 'adminsortable/js/admin.sortable.tabular.inlines.js' %}"></script> <script type="text/javascript" src="{% static 'adminsortable/js/admin.sortable.tabular.inlines.js' %}"></script>
{% endif %} {% endif %}
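Review bot: The new `<script>` tag before `{% if has_sortable_tabular_inlines %}` loads a file that uses the globals `jQuery` and `$` at parse time (`jQuery.trim`, `$.ajaxSetup`), so it depends on the preceding `sortable_javascript_includes_template` include exposing a global jQuery rather than only the admin's namespaced `django.jQuery`; that include is outside the hunk, so this is inferred. If only `django.jQuery` is present the script throws, no request carries the header, and because the same commit removes `csrf_exempt` from the sorting view every sort request would be rejected with 403. A one-line comment above the tag, `{# must load after a global jQuery and before the inline-sorting scripts: it registers the X-CSRFToken header for their AJAX calls #}`, records the ordering constraint.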