Briq
/
django-admin-sortable-fixwin
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support CSRF_COOKIE_NAME 

Added support for custom CSRF_COOKIE_NAME by refactoring the jquery.django-csrf.js file into a separate .html file that can be used as an include, passing in the CSRF_COOKIE_NAME from settings.
master
Brandon Taylor 2016-02-16 08:48:32 -05:00
parent a7a6c12deb
commit c1181b0e52
8 changed files with 48 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -2,7 +2,7 @@
[![Build Status](https://travis-ci.org/iambrandontaylor/django-admin-sortable.svg?branch=master)](https://travis-ci.org/iambrandontaylor/django-admin-sortable)
Current version: 2.0.10
Current version: 2.0.11
This project makes it easy to add drag-and-drop ordering to any model in
Django admin. Inlines for a sortable model may also be made sortable,
@ -457,8 +457,8 @@ ordering on top of that just seemed a little much in my opinion.
django-admin-sortable is currently used in production.
### What's new in 2.0.10?
- Bugfix for accessing custom `order` property of model. Thanks [@theithec](https://github.com/theithec) for reporting the issue.
### What's new in 2.0.11?
- Custom [CSRF_COOKIE_NAME](https://docs.djangoproject.com/en/1.9/ref/settings/#csrf-cookie-name) is now supported. Thanks [@BUHARDI](https://github.com/BUHARDI) for reporting the issue.
### Future

10
README.rst
View File

@ -3,7 +3,7 @@ Django Admin Sortable
|Build Status|
Current version: 2.0.10
Current version: 2.0.11
This project makes it easy to add drag-and-drop ordering to any model in
Django admin. Inlines for a sortable model may also be made sortable,
@ -596,11 +596,13 @@ Status
django-admin-sortable is currently used in production.
What's new in 2.0.10?
What's new in 2.0.11?
~~~~~~~~~~~~~~~~~~~~~
- Bugfix for accessing custom ``order`` property of model. Thanks
[@theithec](https://github.com/theithec) for reporting the issue.
- Custom
`CSRF\_COOKIE\_NAME <https://docs.djangoproject.com/en/1.9/ref/settings/#csrf-cookie-name>`__
is now supported. Thanks [@BUHARDI](https://github.com/BUHARDI) for
reporting the issue.
Future
~~~~~~

2
adminsortable/__init__.py
View File

@ -1,4 +1,4 @@
VERSION = (2, 0, 10)
VERSION = (2, 0, 11)
DEV_N = None

3
adminsortable/admin.py
View File

@ -215,7 +215,8 @@ class SortableAdmin(SortableAdminBase, ModelAdmin):
'sortable_by_class': sortable_by_class,
'sortable_by_class_is_sortable': sortable_by_class_is_sortable,
'sortable_by_class_display_name': sortable_by_class_display_name,
'jquery_lib_path': jquery_lib_path
'jquery_lib_path': jquery_lib_path,
'csrf_cookie_name': getattr(settings, 'CSRF_COOKIE_NAME', 'csrftoken')
}
return render(request, self.sortable_change_list_template, context)

32
adminsortable/static/adminsortable/js/jquery.django-csrf.js
View File

@ -1,32 +0,0 @@
// using jQuery
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie !== '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = django.jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
django.jQuery.ajaxSetup({
crossDomain: false, // obviates need for sameOrigin test
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type)) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});

2
adminsortable/templates/adminsortable/change_form.html
View File

@ -8,7 +8,7 @@
{% if has_sortable_tabular_inlines or has_sortable_stacked_inlines %}
<script type="text/javascript" src="{% static 'adminsortable/js/jquery-ui-django-admin.min.js' %}"></script>
<script type="text/javascript" src="{% static 'adminsortable/js/jquery.django-csrf.js' %}"></script>
{% include 'adminsortable/csrf/jquery.django-csrf.html' with csrf_cookie_name=csrf_cookie_name %}
{% endif %}
{% if has_sortable_tabular_inlines %}

2
adminsortable/templates/adminsortable/change_list.html
View File

@ -13,7 +13,7 @@
<script src="{% static jquery_lib_path %}"></script>
<script src="{% static 'admin/js/jquery.init.js' %}"></script>
<script src="{% static 'adminsortable/js/jquery-ui-django-admin.min.js' %}"></script>
<script src="{% static 'adminsortable/js/jquery.django-csrf.js' %}"></script>
{% include 'adminsortable/csrf/jquery.django-csrf.html' with csrf_cookie_name=csrf_cookie_name %}
<script src="{% static 'adminsortable/js/admin.sortable.js' %}"></script>
{% endblock %}

34
adminsortable/templates/adminsortable/csrf/jquery.django-csrf.html 100644
View File

@ -0,0 +1,34 @@
<script>
// using jQuery
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie !== '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = django.jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('{{ csrf_cookie_name }}');
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
django.jQuery.ajaxSetup({
crossDomain: false, // obviates need for sameOrigin test
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type)) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});
</script>