csrf-correction
This commit is contained in:
@@ -40,3 +40,13 @@ function timestampToLocalISOString(timestamp) {
|
||||
return toLocalISOString(date);
|
||||
}
|
||||
|
||||
function getCookie(name) {
|
||||
const match = document.cookie.match('(?:^|; )' + name + '=([^;]*)');
|
||||
return match ? decodeURIComponent(match[1]) : null;
|
||||
}
|
||||
|
||||
function csrfFetch(url, options = {}) {
|
||||
options.headers = { ...(options.headers || {}), 'X-CSRFToken': getCookie('csrftoken') };
|
||||
return fetch(url, options);
|
||||
}
|
||||
|
||||
|
||||
@@ -58,7 +58,7 @@
|
||||
});
|
||||
});
|
||||
function export_csv(url, pid, mode) {
|
||||
fetch(url, {
|
||||
csrfFetch(url, {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
|
||||
@@ -11,7 +11,6 @@ from django.contrib import messages
|
||||
from django.http import JsonResponse, FileResponse
|
||||
from django.shortcuts import redirect
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.shortcuts import render #, redirect
|
||||
from django.views.decorators.http import require_GET
|
||||
from django.contrib.auth.decorators import login_required
|
||||
@@ -85,8 +84,7 @@ def get_active_session(request, session_id=None, experiment_id=None):
|
||||
# Vue :Export CSV depuis ReductStore
|
||||
# ---------------------------------------------------------------------------
|
||||
@login_required
|
||||
@csrf_exempt
|
||||
def export_metrics(request):
|
||||
def export_metrics(request):
|
||||
data = json.loads(request.body.decode() or "{}")
|
||||
action = data.get("action")
|
||||
pid = data.get("pid")
|
||||
|
||||
@@ -171,7 +171,7 @@ class ReplayManager {
|
||||
const ok = confirm(`Télécharger le fichier ?\n\n${filename}`);
|
||||
if (!ok) return false;
|
||||
|
||||
fetch(this.video_endpoint, {
|
||||
csrfFetch(this.video_endpoint, {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
|
||||
@@ -101,7 +101,7 @@
|
||||
function download_all_images(sid) {
|
||||
const ok = confirm(export_msg +' '+ export_msg_long);
|
||||
if (!ok) return false;
|
||||
fetch(image_endpoint, {
|
||||
csrfFetch(image_endpoint, {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
|
||||
@@ -86,8 +86,8 @@
|
||||
|
||||
function download_all_videos(sid) {
|
||||
const ok = confirm(export_msg);
|
||||
if (!ok) return false;
|
||||
fetch(image_endpoint, {
|
||||
if (!ok) return false;
|
||||
csrfFetch(image_endpoint, {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
|
||||
@@ -6,7 +6,6 @@ from django.shortcuts import render #, redirect
|
||||
from django.http import JsonResponse, FileResponse
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views.decorators.http import require_GET, require_POST
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.contrib.auth.decorators import login_required, user_passes_test
|
||||
from django.conf import settings
|
||||
from django.utils import timezone
|
||||
@@ -252,7 +251,6 @@ def export_medias(request):
|
||||
|
||||
|
||||
@require_POST
|
||||
@csrf_exempt
|
||||
def download_api(request):
|
||||
data = json.loads(request.body.decode() or "{}")
|
||||
try:
|
||||
@@ -314,7 +312,6 @@ def replay_view(request):
|
||||
|
||||
|
||||
@require_POST
|
||||
@csrf_exempt
|
||||
def export_api(request):
|
||||
data = json.loads(request.body.decode() or "{}")
|
||||
session_id = data.get("sid")
|
||||
|
||||
Reference in New Issue
Block a user