fix #51: disable all caching, remove etag and last modified headers, add csrftoken cookie to ajax post requests

This commit is contained in:
Moritz Münch 2022-01-09 23:04:25 +01:00
parent d144d1cc7a
commit 4b3aeb00ef
7 changed files with 14 additions and 22 deletions


@ -1,6 +1,6 @@
/*
Copyright (C) 2020 willipink.eu
Copyright (C) 2020-2022 willipink.eu
Author Moritz Münch moritzmuench@mailbox.org
This program is free software: you can redistribute it and/or modify
@ -239,12 +239,12 @@ $(document).ready(function() {
function login(args, form_data) {
$('body').css('cursor', 'progress');
form_data['csrfmiddlewaretoken'] = cookie.get('csrftoken');
$.ajax({
type: 'POST',
url: './accounts/login/',
data: form_data,
success: function(response) {
// TODO nötig, da der csrf-token nach dem anmelden geändert wird und ich mir erst den neuen holen muss.
window.open(window.location.href, '_self');
detach('#login');
//$('button#do_login').addClass('d-none');
@ -258,13 +258,12 @@ $(document).ready(function() {
// logout
$('#do_logout').click(function() {
$('body').css('cursor', 'progress');
let data = { csrfmiddlewaretoken: $('input[name=csrfmiddlewaretoken]').val() };
let form_data = {'csrfmiddlewaretoken': cookie.get('csrftoken') }
$.ajax({
type: 'POST',
data: data,
data: form_data,
url: './accounts/logout/',
success: function(response) {
// TODO nötig, da der csrf-token nach dem anmelden geändert wird und ich mir erst den neuen holen muss.
window.open('./', '_self');
//$('button#do_logout').addClass('d-none');
//$('button#begin_edit').addClass('d-none');
@ -289,7 +288,6 @@ $(document).ready(function() {
$(this).click(function() {
save_settings();
let csrf_token = $('input[name=csrfmiddlewaretoken]').val();
let value = Number($(this).attr('value'));
let year = Number($(this).parent('tr').attr('name'));
year += (year == 99) ? 1900 : 2000; // TODO fix this before the end of 2098
@ -302,7 +300,6 @@ $(document).ready(function() {
if (settings['exists'] === false) { circulation = 0; }
let data = {
csrfmiddlewaretoken: csrf_token,
value: value,
year: year,
country: country,
@ -337,6 +334,7 @@ $(document).ready(function() {
if (response) {
data['name'] = response['name'].trim().substring(0, 79); }
$(td).css('cursor', 'progress');
data['csrfmiddlewaretoken'] = cookie.get('csrftoken');
$.ajax({
type: 'POST',
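Review bot: The token read at L20, L35 and L64 is sent unchecked, so when the `csrftoken` cookie is absent `cookie.get` presumably yields `undefined`, jQuery serialises it as an empty field and the server answers 403 with no hint to the user; guard it once before each `$.ajax`, e.g. `const token = cookie.get('csrftoken'); if (!token) { console.error('csrftoken cookie missing'); return; }`. Reading the token from the cookie also depends on the CSRF cookie not being HttpOnly (Django's default, `CSRF_COOKIE_HTTPONLY = False`), which deserves a one-line comment next to the first read. The same lookup is now repeated in three handlers; a single `$.ajaxSetup({ beforeSend: function(xhr) { xhr.setRequestHeader('X-CSRFToken', cookie.get('csrftoken')); } });` would cover every POST without touching each call. L35 is also missing its terminating semicolon. The enclosing `$(document).ready` callback starts and ends outside these hunks.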


@ -1,6 +1,3 @@
{% load cache %}
{% csrf_token %}
{% cache None controlbar user %}
<style type="text/css">{% for user in users %}
div.{{ user.name }} { background-color: {{ user.color }} !important; }{% endfor %}
</style>
@ -115,7 +112,6 @@
</div>
</div>
</div>
{% endcache %}
<!-- modal login -->
{% if not user.is_authenticated %}
<div id="login" class="modal-container">
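Review bot: Pages rendered by a view without `@ensure_csrf_cookie` may no longer carry the `csrftoken` cookie at all, because the removed `{% csrf_token %}` (L72 here, L123 in the login modal hunk) was also what made Django emit that cookie on the response, and the ajax handlers now read the cookie instead of the hidden input. As far as this commit shows, only `detail_country` gets the decorator (views hunk, L147), while `index` (L145 context, its decorators outside the hunk) appears undecorated. Either decorate every view that renders this template or keep a `{% csrf_token %}` in it, and record the dependency with a template comment such as `{# CSRF token is read from the csrftoken cookie by the ajax handlers; the rendering view must use @ensure_csrf_cookie #}`.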


@ -9,8 +9,8 @@
</tr>
{% endfor %}
{% ifnotequal stamps|length 1 %}
{% if stamps|length != 1 %}
<tr>
<td class="spacer" colspan="12"></td>
</tr>
{% endifnotequal %}
{% endif %}


@ -1,11 +1,9 @@
{% load cache %}
{% cache None header %}
<!DOCTYPE html>
<!--
coinc - a simple coinmanager
Copyright (C) 2020 willipink.eu
Copyright (C) 2020-2022 willipink.eu
Author Moritz Münch moritzmuench@mailbox.org
This program is free software: you can redistribute it and/or modify
@ -55,4 +53,3 @@
<title>{{ title }}</title>
</head>
<body>
{% endcache %}


@ -21,7 +21,6 @@
</button>
</div>
<div class="modal-body">
{% csrf_token %}
<div class="form-group">
<label for="login_name">Name</label>
<input type="text" name="username" id="login_name" class="form-control">


@ -1,6 +1,6 @@
# encoding: utf-8
#
# Copyright (C) 2020 willipink.eu
# Copyright (C) 2020-2022 willipink.eu
# Author Moritz Münch moritzmuench@mailbox.org
#
# This program is free software: you can redistribute it and/or modify
@ -26,6 +26,7 @@ from django.http import HttpResponse, Http404
from django.template import loader
from django.template.defaultfilters import register
from django.views.decorators.http import condition
from django.views.decorators.csrf import ensure_csrf_cookie
from django.utils.datastructures import MultiValueDictKeyError
from .models import Country, Stamp, Coin, User
@ -52,6 +53,7 @@ def index(request):
return HttpResponse(template.render(context, request))
@ensure_csrf_cookie
def detail_country(request, name_iso):
''' wrapper_view for a *single* country '''
@ -300,7 +302,7 @@ def add_coin(request, country, year, value):
else:
name = request.POST.get('name')
name = str(name) if name else None
name = str(name) if name else ''
found_by = request.POST.get('found_by')
found_by = str(found_by) if found_by else None
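Review bot: `name` now falls back to `''` (L154) while `found_by` two lines below still falls back to `None`, so the two optional POST fields end up with different empty values; if both are plain CharFields, Django's convention is `''` for both, e.g. `found_by = str(found_by) if found_by else ''`, and if one of them is nullable the asymmetry deserves a comment. The client truncates `name` to 79 characters (JS hunk, L62) but nothing here caps it, so a direct POST can exceed whatever max_length the model declares — presumably worth mirroring server-side with `name = str(name)[:79] if name else ''`. With ConditionalGetMiddleware disabled, the `condition` import at L141 may now be unused unless some view still decorates with it. add_coin's body continues outside the hunk.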


@ -44,9 +44,9 @@ INSTALLED_APPS = [
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
# 'django.middleware.cache.UpdateCacheMiddleware',
# 'django.middleware.cache.UpdateCacheMiddleware', # per-site cache
'django.middleware.common.CommonMiddleware',
# 'django.middleware.cache.FetchFromCacheMiddleware',
# 'django.middleware.cache.FetchFromCacheMiddleware', # per-site cache
'django.middleware.csrf.CsrfViewMiddleware',
# 'django.middleware.http.ConditionalGetMiddleware', # set 'ETag' and 'Last Modified' headers
'django.contrib.auth.middleware.AuthenticationMiddleware',
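Review bot: The three middleware entries left commented out (L165, L168, L170) are dead configuration that a later maintainer may re-enable without knowing why they were switched off; since this commit is the deliberate fix for #51, either delete them or tie the comment to the issue, e.g. `# caching and conditional-GET middleware intentionally disabled, see #51`. If they must stay as a reminder, one comment line above the list is clearer than three inline notes.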