#15973: Ajax CSRF code in docs doesn't always work.
------------------------+-------------------------------
Reporter: ehutch79@… | Owner: nobody
Type: Bug | Status: new
Milestone: | Component: Documentation
Version: 1.3 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Easy pickings: 0
------------------------+-------------------------------
While making sure URLs are local, simply filtering for relative URLs is not
sufficient. Several libraries may end up requesting a fully qualified URL
that is in fact local.
My suggestion is to change this line:
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
to this:
var root = location.protocol + '//' + location.host;
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url)) ||
settings.url.substr(0, root.length) === root ) {
--
Ticket URL: <http://code.djangoproject.com/ticket/15973>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
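
An added example, not part of the ticket or of Django's documentation: it runs the test proposed in the ticket next to a same-origin test built on the standard URL parser (a swapped-in technique), over constructed URLs, to show which requests each would treat as local and therefore send the CSRF token with. The names ticketCheck, sameOrigin, compare, PAGE and SAMPLES are assumptions made for illustration.

```javascript
// Added example; all names and the sample URLs below are constructed.
var PAGE = 'http://example.com/app/page.html'; // stand-in for window.location.href

// The test proposed in the ticket, with `root` derived from the page URL.
function ticketCheck(url, pageHref) {
    var page = new URL(pageHref);
    var root = page.protocol + '//' + page.host;
    return !(/^http:.*/.test(url) || /^https:.*/.test(url)) ||
        url.substr(0, root.length) === root;
}

// Parser-based test: resolve the URL against the page, then compare
// scheme, host and port in one step via the origin.
function sameOrigin(url, pageHref) {
    try {
        return new URL(url, pageHref).origin === new URL(pageHref).origin;
    } catch (e) {
        return false; // unparsable input: treat as non-local, send no token
    }
}

var SAMPLES = [
    '/api/save/',                       // relative
    'http://example.com/api/save/',     // fully qualified, local
    'https://example.com/api/save/',    // other scheme
    '//cdn.example.net/lib.js',         // scheme-relative, other host
    'http://example.com:8080/api/',     // other port
    'http://example.com.other.test/'    // host that only shares a prefix
];

// One row per URL: the verdict of each test.
function compare(urls, pageHref) {
    return urls.map(function (u) {
        return { url: u, ticket: ticketCheck(u, pageHref), parsed: sameOrigin(u, pageHref) };
    });
}

console.table(compare(SAMPLES, PAGE));
```

The two tests agree on the first three URLs and differ on the last three, where only the parser-based test reports a different origin.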