	[1.3.X] Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs
Thanks to nick for the report. Backport of [16183] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16184 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		| @@ -96,7 +96,7 @@ that allow headers to be set on every request. In jQuery, you can use the | |||||||
|  |  | ||||||
| .. code-block:: javascript | .. code-block:: javascript | ||||||
|  |  | ||||||
|     $('html').ajaxSend(function(event, xhr, settings) { |     $(document).ajaxSend(function(event, xhr, settings) { | ||||||
|         function getCookie(name) { |         function getCookie(name) { | ||||||
|             var cookieValue = null; |             var cookieValue = null; | ||||||
|             if (document.cookie && document.cookie != '') { |             if (document.cookie && document.cookie != '') { | ||||||
| @@ -112,8 +112,19 @@ that allow headers to be set on every request. In jQuery, you can use the | |||||||
|             } |             } | ||||||
|             return cookieValue; |             return cookieValue; | ||||||
|         } |         } | ||||||
|         if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { |         function sameOrigin(url) { | ||||||
|             // Only send the token to relative URLs i.e. locally. |             // url could be relative or scheme relative or absolute | ||||||
|  |             var host = document.location.host; // host + port | ||||||
|  |             var protocol = document.location.protocol; | ||||||
|  |             var sr_origin = '//' + host; | ||||||
|  |             var origin = protocol + sr_origin; | ||||||
|  |             // Allow absolute or scheme relative URLs to same origin | ||||||
|  |             return (url == origin || url.slice(0, origin.length + 1) == origin + '/') || | ||||||
|  |                 (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') || | ||||||
|  |                 // or any other URL that isn't scheme relative or absolute i.e relative. | ||||||
|  |                 !(/^(\/\/|http:|https:).*/.test(url)); | ||||||
|  |         } | ||||||
|  |         if (sameOrigin(settings.url)) { | ||||||
|             xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); |             xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); | ||||||
|         } |         } | ||||||
|     }); |     }); | ||||||
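Review bot: The fallback on the last line of sameOrigin, `!(/^(\/\/|http:|https:).*/.test(url))`, is a deny-list that misses URL forms browsers still resolve to another host: the regex is case-sensitive, so a URL beginning with `HTTP:` or `HTTPS:` is classed as relative, backslash forms such as `\\other-host/` or `/\other-host/` (constructed examples; browsers normalise the backslashes to `//`) are never tested for, and other schemes are not considered at all. In each of those cases the value of `getCookie('csrftoken')` would be attached to a request leaving the site, which is the very thing this check exists to prevent, so it matters wherever the page's AJAX URL can be influenced by user-supplied data. Rejecting anything that starts with a scheme or a pair of slashes of either kind, e.g. `!(/^([a-z][a-z0-9+.-]*:|[\/\\]{2})/i.test(url))`, closes these gaps without altering the explicit same-origin matches above it (a same-origin URL in upper case would then be refused rather than accepted, which is the safe direction). A short comment that the two positive matches are exact-string comparisons, so a same-origin absolute URL that spells out the default port or differs in case falls through to the negative test, would also help readers of the docs. The ajaxSend callback that encloses sameOrigin begins in the previous hunk.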
|   | |||||||