
Commit 8749f2c

settings.CSRF_COOKIE_NAME changes are acknowledged with the use of a new
middleware
1 parent 5a8944d commit 8749f2c

5 files changed

+20
-3
lines changed

cms/context_processors.py

Lines changed: 3 additions & 0 deletions
@@ -7,3 +7,6 @@ def media(request):
77
Adds media-related context variables to the context.
88
"""
99
return {'CMS_MEDIA_URL': get_cms_setting('MEDIA_URL')}
10+
11+
def csrf_cookie_name(request):
12+
return {'CSRF_COOKIE_NAME': settings.CSRF_COOKIE_NAME}
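
Review bot: `csrf_cookie_name` at line 12 reads `settings.CSRF_COOKIE_NAME`, but nothing visible in this hunk imports `settings`, and the existing `media` function only uses `get_cms_setting`. Confirm that `from django.conf import settings` is present at the top of the module, otherwise every template rendered with this processor raises `NameError`. A one-line docstring like the one on `media` would also help.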

cms/static/cms/js/csrf.js

Lines changed: 2 additions & 2 deletions
@@ -34,7 +34,7 @@ $.ajaxSetup({
3434
}
3535
if(!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url)) || base_doc_url == base_settings_url) {
3636
// Only send the token to relative URLs i.e. locally.
37-
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
37+
xhr.setRequestHeader("X-CSRFToken", getCookie(csrf_cookie_name));
3838
settings.csrfTokenSet = true;
3939
}
4040
}
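
Review bot: at line 37, `getCookie(csrf_cookie_name)` depends on a global that this commit defines only in an inline script in `cms/templates/admin/cms/page/change_form.html`. On any page that loads `csrf.js` without that inline script, the reference throws `ReferenceError` inside the `$.ajaxSetup` callback and the `X-CSRFToken` header is never set, so the request fails CSRF validation. Resolve the name defensively in the script itself, for example `var name = (typeof csrf_cookie_name !== 'undefined') ? csrf_cookie_name : 'csrftoken';`.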
@@ -81,7 +81,7 @@ base_settings_url = base_settings_url[0];
8181
}
8282
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url)) || base_doc_url == base_settings_url) {
8383
// Only send the token to relative URLs i.e. locally.
84-
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
84+
xhr.setRequestHeader("X-CSRFToken", getCookie(csrf_cookie_name));
8585
settings.csrfTokenSet = true;
8686
}
8787
}
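
Review bot: line 84 is the same edit as line 37 in this file, and the same block appears a third time in `cms.base.js`. All three copies now have to agree on how the cookie name is resolved. A single shared helper (for instance a hypothetical `getCsrfToken()`) that resolves the name and reads the cookie would keep them in step and give one place for the fallback to `'csrftoken'`.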

cms/static/cms/js/plugins/cms.base.js

Lines changed: 1 addition & 1 deletion
@@ -58,7 +58,7 @@
5858
}
5959
if(!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url)) || base_doc_url == base_settings_url) {
6060
// Only send the token to relative URLs i.e. locally.
61-
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
61+
xhr.setRequestHeader("X-CSRFToken", getCookie(csrf_cookie_name));
6262
settings.csrfTokenSet = true;
6363
}
6464
}
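
Review bot: line 61 of `cms.base.js` now needs the `csrf_cookie_name` global as well, but the only template this commit touches is the admin page change form. If this script is included from any other template, that template needs the same inline definition or the script needs its own default. Please check every include site before merging.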

cms/templates/admin/cms/page/change_form.html

Lines changed: 3 additions & 0 deletions
@@ -5,6 +5,9 @@
55

66
{% block extrahead %}
77
{{ block.super }}
8+
<script type="text/javascript">
9+
var csrf_cookie_name = "{{CSRF_COOKIE_NAME|default:'csrftoken'}}";
10+
</script>
811
<script type="text/javascript" src="{{ STATIC_URL }}cms/js/csrf.js"></script>
912
<script type="text/javascript" src="{% url 'admin:jsi18n' %}"></script>
1013
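
Review bot: at line 9 the setting is interpolated into a JavaScript string literal with HTML autoescaping, which is the wrong encoding for that context (a backslash passes through untouched). Use `{{ CSRF_COOKIE_NAME|default:'csrftoken'|escapejs }}`. Also, `default:'csrftoken'` hides a missing context processor: a project that renamed the cookie but did not add `cms.context_processors.csrf_cookie_name` silently gets the wrong cookie name, and its AJAX requests fail CSRF validation with no hint why.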

docs/getting_started/configuration.rst

Lines changed: 11 additions & 0 deletions
@@ -506,6 +506,17 @@ If you have a huge site you can easily partition the menu with this.
506506
Advanced Settings
507507
*****************
508508

509+
CSRF_COOKIE_NAME
510+
=================
511+
512+
In case you've overwritten the default Django `CSRF_COOKIE_NAME` setting, then you should
513+
inform Django-CMS about this by using a context processor dedicated for this. Extend the list
514+
of `TEMPLATE_CONTEXT_PROCESSORS` with
515+
516+
.. code-block:: python
517+
518+
'cms.context_processors.csrf_cookie_name',
519+
509520
.. setting:: CMS_PERMISSION
510521

511522
CMS_PERMISSION
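
Review bot: in the new section (lines 509-518) the single backticks around `CSRF_COOKIE_NAME` and `TEMPLATE_CONTEXT_PROCESSORS` are reStructuredText's default role, not inline literals; use double backticks. The text should also say what happens when the processor is not added (the template falls back to `csrftoken`). Finally, the commit message says "middleware", which does not match the context processor documented here.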
