
trigger CSRF token cookie via preloaded_data.js

Rafał Pitoń 10 years ago
parent
commit
eff6a2d05b

+ 1 - 0
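--- a/misago/conf/context_processors.py
+++ b/misago/conf/context_processors.py
@@ -6,6 +6,7 @@ from misago.conf.dbsettings import db_settings
 
 def settings(request):
     return {
+        'DEBUG': dj_settings.DEBUG,
         'misago_settings': db_settings,
 
         'LOGIN_REDIRECT_URL': dj_settings.LOGIN_REDIRECT_URL,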
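Review bot: The new `'DEBUG': dj_settings.DEBUG` entry follows the global setting alone, so anything a template guards with `{% if DEBUG %}` is rendered for every client whenever the flag is on, not only for developers. Django's built-in `debug` context processor additionally requires the request address to be listed in `INTERNAL_IPS`; applying the same condition here would keep debug-only output off a shared or staging host that happens to run with DEBUG enabled. A comment on the key such as `# read by preloaded_data.js to print the CSRF token in debug builds` would also tell maintainers why a Django setting sits beside `misago_settings`. The body of settings() continues past the end of the hunk.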

+ 2 - 1
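--- a/misago/templates/misago/base.html
+++ b/misago/templates/misago/base.html
@@ -9,7 +9,6 @@
     <meta name="description" content="{% block meta-description %}{% endblock %}">
     <base href="/">
     <meta name="misago/config/environment" content="%7B%22modulePrefix%22%3A%22misago%22%2C%22environment%22%3A%22production%22%2C%22baseURL%22%3A%22/%22%2C%22locationType%22%3A%22trailing-slash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%7D%2C%22APP%22%3A%7B%22rootElement%22%3A%22%23main%22%2C%22API_HOST%22%3A%22%22%2C%22API_NAMESPACE%22%3A%22api%22%2C%22API_ADD_TRAILING_SLASHES%22%3Atrue%7D%2C%22contentSecurityPolicyHeader%22%3A%22Content-Security-Policy-Report-Only%22%2C%22contentSecurityPolicy%22%3A%7B%22default-src%22%3A%22%27none%27%22%2C%22script-src%22%3A%22%27self%27%22%2C%22font-src%22%3A%22%27self%27%22%2C%22connect-src%22%3A%22%27self%27%22%2C%22img-src%22%3A%22%27self%27%22%2C%22style-src%22%3A%22%27self%27%22%2C%22media-src%22%3A%22%27self%27%22%7D%2C%22exportApplicationGlobal%22%3Afalse%7D">
-    <meta name="misago/csrf-token" content="{{ csrf_token }}">
     <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
     <!--[if lt IE 9]>
       <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
@@ -36,6 +35,8 @@
 
     <section id="main"></section>
 
+    {% include "misago/auth.html" %}
+
     <script type="text/javascript" src="/django-i18n.js"></script>
     <script type="text/javascript">
       {% include "misago/preloaded_data.js" %}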

+ 1 - 1
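--- a/misago/templates/misago/preloaded_data.js
+++ b/misago/templates/misago/preloaded_data.js
@@ -1,2 +1,2 @@
-{% load misago_json %}
+{% load misago_json %}{% if DEBUG %}// CSRF Token: {{ csrf_token }}{% endif %}
 window.MisagoData = {{ preloaded_ember_data|as_json }};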
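Review bot: The `{{ csrf_token }}` reference on the new first line sits inside `{% if DEBUG %}`, so with DEBUG off the variable is never rendered and this template does nothing to make Django set the CSRF cookie. The same commit removes the `misago/csrf-token` meta tag from base.html, so unless `misago/auth.html` (not shown here) renders the token, production pages would be served without the cookie and the client's first unsafe API request would presumably be rejected. Setting the cookie explicitly in the view, with the `ensure_csrf_cookie` decorator or a `get_token(request)` call, removes the dependency on template output. The debug comment can then remain as a pure diagnostic.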