#15872: JavaScript CSRF fix for Ajax POST mentioned in docs intermittently fails to append token for IE7
----------------------------+------------------------------
 Reporter:  nick@…          |         Owner:  nobody
     Type:  Bug             |        Status:  new
Milestone:                  |     Component:  Documentation
  Version:  1.3             |      Severity:  Normal
 Keywords:  ajax csrf post  |  Triage Stage:  Unreviewed
Has patch:  1               |
----------------------------+------------------------------
 I've found that in some cases (not sure why), IE7 will prepend
 protocol://servername to a form's action, causing the
 {{{
  if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {...}
 }}}
 test to fail...

 I propose we use the following instead, as it will work in more cases:
 {{{
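     var page_host = window.location.host;
     // Escape regex metacharacters so "." in the host name matches only a literal dot.
     var escaped_host = page_host.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
     var regex = new RegExp('^https?://' + escaped_host + '/', 'i');
     if (regex.test(settings.url) ||
         !(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
         // Only send the token to relative URLs i.e. locally.
     }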
 }}}

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15872>
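
Added example, not part of the ticket or of Django's documentation: a same-origin test for the token check that compares literal strings instead of building a regex from the host, and that also treats scheme-relative (`//host/...`) URLs as absolute, which goes beyond the two cases in the ticket. The names `sameOrigin` and `csrfHeaders`, the `loc` parameter (standing in for `window.location`) and the host names are assumptions for illustration.

```javascript
// Added example, not Django's code. `loc` stands in for window.location so the
// check can run outside a browser; the host names below are constructed.
function sameOrigin(url, loc) {
    var srOrigin = '//' + loc.host;          // scheme-relative form of this page
    var origin = loc.protocol + srOrigin;    // e.g. "https://app.example.test"
    var u = String(url);

    // True when u is exactly `prefix` or continues with "/". Literal string
    // comparison: no regex is built from the host, so "." is never a wildcard,
    // and a longer host that merely starts with ours does not match.
    function under(prefix) {
        var head = u.slice(0, prefix.length).toLowerCase();
        var next = u.charAt(prefix.length);
        return head === prefix.toLowerCase() && (next === '' || next === '/');
    }

    // Anything starting with "//" or "scheme:" names its own host.
    var isAbsolute = /^(\/\/|[a-z][a-z0-9+.\-]*:)/i.test(u);

    // Same origin: absolute URL on this scheme and host (the IE7 case from
    // the ticket), scheme-relative URL on this host, or a relative URL.
    return under(origin) || under(srOrigin) || !isAbsolute;
}

// Headers to add to a request: the token for same-origin URLs, nothing otherwise.
function csrfHeaders(url, loc, token) {
    return sameOrigin(url, loc) ? { 'X-CSRFToken': token } : {};
}

// Constructed page location used for the sample calls.
var PAGE = { protocol: 'https:', host: 'app.example.test' };
```

An absolute URL that uses a different scheme from the page (`http:` on an `https:` page) is not same-origin here, so the token is withheld; the ticket's regex accepts either scheme.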