csrf-correction
This commit is contained in:
@@ -17,7 +17,7 @@ echo
|
|||||||
|
|
||||||
# system
|
# system
|
||||||
echo "==== system essential"
|
echo "==== system essential"
|
||||||
sudo apt -y install build-essential openssl git pkg-config redis supervisor sqlitebrowser samba-client cifs-utils gettext
|
sudo apt -y install build-essential openssl git pkg-config redis supervisor sqlitebrowser samba-client cifs-utils gettext avahi-daemon
|
||||||
|
|
||||||
echo "==== python3 install"
|
echo "==== python3 install"
|
||||||
sudo apt -y install python3-dev python3-pip python3-venv libpq-dev default-libmysqlclient-dev libmariadb-dev python3-picamera2
|
sudo apt -y install python3-dev python3-pip python3-venv libpq-dev default-libmysqlclient-dev libmariadb-dev python3-picamera2
|
||||||
|
|||||||
@@ -40,3 +40,13 @@ function timestampToLocalISOString(timestamp) {
|
|||||||
return toLocalISOString(date);
|
return toLocalISOString(date);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getCookie(name) {
|
||||||
|
const match = document.cookie.match('(?:^|; )' + name + '=([^;]*)');
|
||||||
|
return match ? decodeURIComponent(match[1]) : null;
|
||||||
|
}
|
||||||
|
|
||||||
|
function csrfFetch(url, options = {}) {
|
||||||
|
options.headers = { ...(options.headers || {}), 'X-CSRFToken': getCookie('csrftoken') };
|
||||||
|
return fetch(url, options);
|
||||||
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -58,7 +58,7 @@
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
function export_csv(url, pid, mode) {
|
function export_csv(url, pid, mode) {
|
||||||
fetch(url, {
|
csrfFetch(url, {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: { 'Content-Type': 'application/json' },
|
headers: { 'Content-Type': 'application/json' },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
|
|||||||
@@ -11,7 +11,6 @@ from django.contrib import messages
|
|||||||
from django.http import JsonResponse, FileResponse
|
from django.http import JsonResponse, FileResponse
|
||||||
from django.shortcuts import redirect
|
from django.shortcuts import redirect
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django.views.decorators.csrf import csrf_exempt
|
|
||||||
from django.shortcuts import render #, redirect
|
from django.shortcuts import render #, redirect
|
||||||
from django.views.decorators.http import require_GET
|
from django.views.decorators.http import require_GET
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
@@ -85,8 +84,7 @@ def get_active_session(request, session_id=None, experiment_id=None):
|
|||||||
# Vue :Export CSV depuis ReductStore
|
# Vue :Export CSV depuis ReductStore
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
@login_required
|
@login_required
|
||||||
@csrf_exempt
|
def export_metrics(request):
|
||||||
def export_metrics(request):
|
|
||||||
data = json.loads(request.body.decode() or "{}")
|
data = json.loads(request.body.decode() or "{}")
|
||||||
action = data.get("action")
|
action = data.get("action")
|
||||||
pid = data.get("pid")
|
pid = data.get("pid")
|
||||||
|
|||||||
@@ -171,7 +171,7 @@ class ReplayManager {
|
|||||||
const ok = confirm(`Télécharger le fichier ?\n\n${filename}`);
|
const ok = confirm(`Télécharger le fichier ?\n\n${filename}`);
|
||||||
if (!ok) return false;
|
if (!ok) return false;
|
||||||
|
|
||||||
fetch(this.video_endpoint, {
|
csrfFetch(this.video_endpoint, {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: { 'Content-Type': 'application/json' },
|
headers: { 'Content-Type': 'application/json' },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
|
|||||||
@@ -101,7 +101,7 @@
|
|||||||
function download_all_images(sid) {
|
function download_all_images(sid) {
|
||||||
const ok = confirm(export_msg +' '+ export_msg_long);
|
const ok = confirm(export_msg +' '+ export_msg_long);
|
||||||
if (!ok) return false;
|
if (!ok) return false;
|
||||||
fetch(image_endpoint, {
|
csrfFetch(image_endpoint, {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: { 'Content-Type': 'application/json' },
|
headers: { 'Content-Type': 'application/json' },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
|
|||||||
@@ -86,8 +86,8 @@
|
|||||||
|
|
||||||
function download_all_videos(sid) {
|
function download_all_videos(sid) {
|
||||||
const ok = confirm(export_msg);
|
const ok = confirm(export_msg);
|
||||||
if (!ok) return false;
|
if (!ok) return false;
|
||||||
fetch(image_endpoint, {
|
csrfFetch(image_endpoint, {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: { 'Content-Type': 'application/json' },
|
headers: { 'Content-Type': 'application/json' },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
|
|||||||
@@ -6,7 +6,6 @@ from django.shortcuts import render #, redirect
|
|||||||
from django.http import JsonResponse, FileResponse
|
from django.http import JsonResponse, FileResponse
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django.views.decorators.http import require_GET, require_POST
|
from django.views.decorators.http import require_GET, require_POST
|
||||||
from django.views.decorators.csrf import csrf_exempt
|
|
||||||
from django.contrib.auth.decorators import login_required, user_passes_test
|
from django.contrib.auth.decorators import login_required, user_passes_test
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
@@ -252,7 +251,6 @@ def export_medias(request):
|
|||||||
|
|
||||||
|
|
||||||
@require_POST
|
@require_POST
|
||||||
@csrf_exempt
|
|
||||||
def download_api(request):
|
def download_api(request):
|
||||||
data = json.loads(request.body.decode() or "{}")
|
data = json.loads(request.body.decode() or "{}")
|
||||||
try:
|
try:
|
||||||
@@ -314,7 +312,6 @@ def replay_view(request):
|
|||||||
|
|
||||||
|
|
||||||
@require_POST
|
@require_POST
|
||||||
@csrf_exempt
|
|
||||||
def export_api(request):
|
def export_api(request):
|
||||||
data = json.loads(request.body.decode() or "{}")
|
data = json.loads(request.body.decode() or "{}")
|
||||||
session_id = data.get("sid")
|
session_id = data.get("sid")
|
||||||
|
|||||||
Reference in New Issue
Block a user