fix #51: disable all caching, remove etag and last modified headers, add csrftoken cookie to ajax post requests
This commit is contained in:
parent
d144d1cc7a
commit
4b3aeb00ef
@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
|
|
||||||
Copyright (C) 2020 willipink.eu
|
Copyright (C) 2020-2022 willipink.eu
|
||||||
Author Moritz Münch moritzmuench@mailbox.org
|
Author Moritz Münch moritzmuench@mailbox.org
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
@ -239,12 +239,12 @@ $(document).ready(function() {
|
|||||||
|
|
||||||
function login(args, form_data) {
|
function login(args, form_data) {
|
||||||
$('body').css('cursor', 'progress');
|
$('body').css('cursor', 'progress');
|
||||||
|
form_data['csrfmiddlewaretoken'] = cookie.get('csrftoken');
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: 'POST',
|
type: 'POST',
|
||||||
url: './accounts/login/',
|
url: './accounts/login/',
|
||||||
data: form_data,
|
data: form_data,
|
||||||
success: function(response) {
|
success: function(response) {
|
||||||
// TODO nötig, da der csrf-token nach dem anmelden geändert wird und ich mir erst den neuen holen muss.
|
|
||||||
window.open(window.location.href, '_self');
|
window.open(window.location.href, '_self');
|
||||||
detach('#login');
|
detach('#login');
|
||||||
//$('button#do_login').addClass('d-none');
|
//$('button#do_login').addClass('d-none');
|
||||||
@ -258,13 +258,12 @@ $(document).ready(function() {
|
|||||||
// logout
|
// logout
|
||||||
$('#do_logout').click(function() {
|
$('#do_logout').click(function() {
|
||||||
$('body').css('cursor', 'progress');
|
$('body').css('cursor', 'progress');
|
||||||
let data = { csrfmiddlewaretoken: $('input[name=csrfmiddlewaretoken]').val() };
|
let form_data = {'csrfmiddlewaretoken': cookie.get('csrftoken') }
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: 'POST',
|
type: 'POST',
|
||||||
data: data,
|
data: form_data,
|
||||||
url: './accounts/logout/',
|
url: './accounts/logout/',
|
||||||
success: function(response) {
|
success: function(response) {
|
||||||
// TODO nötig, da der csrf-token nach dem anmelden geändert wird und ich mir erst den neuen holen muss.
|
|
||||||
window.open('./', '_self');
|
window.open('./', '_self');
|
||||||
//$('button#do_logout').addClass('d-none');
|
//$('button#do_logout').addClass('d-none');
|
||||||
//$('button#begin_edit').addClass('d-none');
|
//$('button#begin_edit').addClass('d-none');
|
||||||
@ -289,7 +288,6 @@ $(document).ready(function() {
|
|||||||
$(this).click(function() {
|
$(this).click(function() {
|
||||||
save_settings();
|
save_settings();
|
||||||
|
|
||||||
let csrf_token = $('input[name=csrfmiddlewaretoken]').val();
|
|
||||||
let value = Number($(this).attr('value'));
|
let value = Number($(this).attr('value'));
|
||||||
let year = Number($(this).parent('tr').attr('name'));
|
let year = Number($(this).parent('tr').attr('name'));
|
||||||
year += (year == 99) ? 1900 : 2000; // TODO fix this before the end of 2098
|
year += (year == 99) ? 1900 : 2000; // TODO fix this before the end of 2098
|
||||||
@ -302,7 +300,6 @@ $(document).ready(function() {
|
|||||||
if (settings['exists'] === false) { circulation = 0; }
|
if (settings['exists'] === false) { circulation = 0; }
|
||||||
|
|
||||||
let data = {
|
let data = {
|
||||||
csrfmiddlewaretoken: csrf_token,
|
|
||||||
value: value,
|
value: value,
|
||||||
year: year,
|
year: year,
|
||||||
country: country,
|
country: country,
|
||||||
@ -337,6 +334,7 @@ $(document).ready(function() {
|
|||||||
if (response) {
|
if (response) {
|
||||||
data['name'] = response['name'].trim().substring(0, 79); }
|
data['name'] = response['name'].trim().substring(0, 79); }
|
||||||
$(td).css('cursor', 'progress');
|
$(td).css('cursor', 'progress');
|
||||||
|
data['csrfmiddlewaretoken'] = cookie.get('csrftoken');
|
||||||
|
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: 'POST',
|
type: 'POST',
|
||||||
|
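Review bot: `form_data['csrfmiddlewaretoken'] = cookie.get('csrftoken')` in login() sends whatever the cookie helper returns, so when the `csrftoken` cookie is absent the POST goes out with `undefined`, Django answers 403, and the success-only `$.ajax` handler never surfaces it; the logout hunk (`let form_data = {'csrfmiddlewaretoken': cookie.get('csrftoken') }`) and the add-coin hunk (`data['csrfmiddlewaretoken'] = cookie.get('csrftoken')`) have the same gap. The cookie is only set on pages that rendered `{% csrf_token %}` or went through `@ensure_csrf_cookie`, and this commit removes the former from the templates and adds the latter to detail_country only, so the login modal on other pages is the likely failure path. Read the token once and fail early: `const token = cookie.get('csrftoken'); if (!token) { $('body').css('cursor', ''); return; }`, and give each `$.ajax` call an `error:` callback so a 403 resets the cursor instead of leaving it in the progress state. The page does not show what `cookie` is, so this assumes its get() returns a falsy value for a missing cookie; login()'s body continues outside the hunk.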
@ -1,6 +1,3 @@
|
|||||||
{% load cache %}
|
|
||||||
{% csrf_token %}
|
|
||||||
{% cache None controlbar user %}
|
|
||||||
<style type="text/css">{% for user in users %}
|
<style type="text/css">{% for user in users %}
|
||||||
div.{{ user.name }} { background-color: {{ user.color }} !important; }{% endfor %}
|
div.{{ user.name }} { background-color: {{ user.color }} !important; }{% endfor %}
|
||||||
</style>
|
</style>
|
||||||
@ -115,7 +112,6 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{% endcache %}
|
|
||||||
<!-- modal login -->
|
<!-- modal login -->
|
||||||
{% if not user.is_authenticated %}
|
{% if not user.is_authenticated %}
|
||||||
<div id="login" class="modal-container">
|
<div id="login" class="modal-container">
|
||||||
|
@ -9,8 +9,8 @@
|
|||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{% ifnotequal stamps|length 1 %}
|
{% if stamps|length != 1 %}
|
||||||
<tr>
|
<tr>
|
||||||
<td class="spacer" colspan="12"></td>
|
<td class="spacer" colspan="12"></td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endifnotequal %}
|
{% endif %}
|
||||||
|
@ -1,11 +1,9 @@
|
|||||||
{% load cache %}
|
|
||||||
{% cache None header %}
|
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<!--
|
<!--
|
||||||
|
|
||||||
coinc - a simple coinmanager
|
coinc - a simple coinmanager
|
||||||
|
|
||||||
Copyright (C) 2020 willipink.eu
|
Copyright (C) 2020-2022 willipink.eu
|
||||||
Author Moritz Münch moritzmuench@mailbox.org
|
Author Moritz Münch moritzmuench@mailbox.org
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
@ -55,4 +53,3 @@
|
|||||||
<title>{{ title }}</title>
|
<title>{{ title }}</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
{% endcache %}
|
|
||||||
|
@ -21,7 +21,6 @@
|
|||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
{% csrf_token %}
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="login_name">Name</label>
|
<label for="login_name">Name</label>
|
||||||
<input type="text" name="username" id="login_name" class="form-control">
|
<input type="text" name="username" id="login_name" class="form-control">
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# encoding: utf-8
|
# encoding: utf-8
|
||||||
#
|
#
|
||||||
# Copyright (C) 2020 willipink.eu
|
# Copyright (C) 2020-2022 willipink.eu
|
||||||
# Author Moritz Münch moritzmuench@mailbox.org
|
# Author Moritz Münch moritzmuench@mailbox.org
|
||||||
#
|
#
|
||||||
# This program is free software: you can redistribute it and/or modify
|
# This program is free software: you can redistribute it and/or modify
|
||||||
@ -26,6 +26,7 @@ from django.http import HttpResponse, Http404
|
|||||||
from django.template import loader
|
from django.template import loader
|
||||||
from django.template.defaultfilters import register
|
from django.template.defaultfilters import register
|
||||||
from django.views.decorators.http import condition
|
from django.views.decorators.http import condition
|
||||||
|
from django.views.decorators.csrf import ensure_csrf_cookie
|
||||||
from django.utils.datastructures import MultiValueDictKeyError
|
from django.utils.datastructures import MultiValueDictKeyError
|
||||||
|
|
||||||
from .models import Country, Stamp, Coin, User
|
from .models import Country, Stamp, Coin, User
|
||||||
@ -52,6 +53,7 @@ def index(request):
|
|||||||
return HttpResponse(template.render(context, request))
|
return HttpResponse(template.render(context, request))
|
||||||
|
|
||||||
|
|
||||||
|
@ensure_csrf_cookie
|
||||||
def detail_country(request, name_iso):
|
def detail_country(request, name_iso):
|
||||||
''' wrapper_view for a *single* country '''
|
''' wrapper_view for a *single* country '''
|
||||||
|
|
||||||
@ -300,7 +302,7 @@ def add_coin(request, country, year, value):
|
|||||||
else:
|
else:
|
||||||
|
|
||||||
name = request.POST.get('name')
|
name = request.POST.get('name')
|
||||||
name = str(name) if name else None
|
name = str(name) if name else ''
|
||||||
|
|
||||||
found_by = request.POST.get('found_by')
|
found_by = request.POST.get('found_by')
|
||||||
found_by = str(found_by) if found_by else None
|
found_by = str(found_by) if found_by else None
|
||||||
|
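Review bot: `@ensure_csrf_cookie` is added to detail_country only, while index (whose tail is visible in the `@ -52,6 +53,7` hunk, its decorator line outside it) and the other views are unchanged, so once the templates stop rendering `{% csrf_token %}` nothing sets the `csrftoken` cookie on those pages and the cookie-based POSTs in the front end can only succeed for visitors who already loaded a country page. Unless index is decorated outside the hunk, add `@ensure_csrf_cookie` above `def index(request):` as well, or apply it to every view that renders the login/logout controls. In add_coin, `name = str(name) if name else ''` now stores an empty string while `found_by` keeps falling back to None; if that asymmetry is intended, a one-line comment such as `# name is stored as '' rather than NULL; found_by stays nullable` would spare the next reader a trip to the model, which is not visible here.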
@ -44,9 +44,9 @@ INSTALLED_APPS = [
|
|||||||
MIDDLEWARE = [
|
MIDDLEWARE = [
|
||||||
'django.middleware.security.SecurityMiddleware',
|
'django.middleware.security.SecurityMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
# 'django.middleware.cache.UpdateCacheMiddleware',
|
# 'django.middleware.cache.UpdateCacheMiddleware', # per-site cache
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
# 'django.middleware.cache.FetchFromCacheMiddleware',
|
# 'django.middleware.cache.FetchFromCacheMiddleware', # per-site cache
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
# 'django.middleware.http.ConditionalGetMiddleware', # set 'ETag' and 'Last Modified' headers
|
# 'django.middleware.http.ConditionalGetMiddleware', # set 'ETag' and 'Last Modified' headers
|
||||||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||||
|