morlandi / django-ajax-datatable

A Django app which provides the integration of a Django project with the jQuery Javascript library DataTables.net
MIT License
208 stars 64 forks

Fix issue #27 (#28)

Closed shuki25 closed 3 years ago

shuki25 commented 3 years ago

This PR fixes issues with setting the CSRF token in Ajax calls. Some Django sites have CSRF_COOKIE_HTTPONLY=True, which caused getCookie('csrftoken') to return null, thereby never passing the csrftoken on to the server and leading to a 403 error.

With this patch, it checks for the csrftoken cookie and, if it's null, it will look for a hidden input named csrfmiddlewaretoken in the document and return the CSRF token if it's available. If neither is available, it will return null and could lead to a 403 error.
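The cookie-first, hidden-input-second lookup described above, written out as an added example (this is not the PR's own code or the project's). It assumes Django's defaults: the cookie is named csrftoken (CSRF_COOKIE_NAME), the header the middleware reads is X-CSRFToken (CSRF_HEADER_NAME), and the template rendered {% csrf_token %}, which emits the hidden csrfmiddlewaretoken input. The fakeDocument helper and the three scenarios are constructed stand-ins for the browser so the block runs under Node.

```javascript
// Added example (not the PR's code): resolve the Django CSRF token for an
// Ajax POST, trying the cookie first and the hidden form input second.
// Assumptions: cookie name "csrftoken", header "X-CSRFToken", and a rendered
// <input type="hidden" name="csrfmiddlewaretoken" value="..."> in the page.

// Parse a document.cookie string ("a=1; b=2") and return the named value, or null.
function getCookie(name, cookieString) {
  if (!cookieString) return null;
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    if (trimmed.startsWith(name + '=')) {
      return decodeURIComponent(trimmed.slice(name.length + 1));
    }
  }
  return null;
}

// Cookie first (readable only when CSRF_COOKIE_HTTPONLY is False), then the
// hidden input rendered by {% csrf_token %} (the only script-visible source
// when the cookie is HttpOnly). Returns null when neither exists; a POST sent
// without the token is then rejected with 403 by CsrfViewMiddleware.
function getCsrfToken(doc) {
  const fromCookie = getCookie('csrftoken', doc.cookie);
  if (fromCookie) return fromCookie;
  const input = doc.querySelector('input[name="csrfmiddlewaretoken"]');
  return input && input.value ? input.value : null;
}

// Build request headers for the Ajax call; the token header is only set
// when a token was actually found, so a missing token is visible (403),
// not silently replaced by an empty string.
function ajaxHeaders(doc) {
  const token = getCsrfToken(doc);
  const headers = { 'X-Requested-With': 'XMLHttpRequest' };
  if (token) headers['X-CSRFToken'] = token;
  return headers;
}

// Constructed stand-in for the browser document (cookie string plus an
// optional hidden input) so the lookup can be exercised outside a browser.
function fakeDocument(cookie, hiddenValue) {
  return {
    cookie,
    querySelector(selector) {
      if (selector === 'input[name="csrfmiddlewaretoken"]' && hiddenValue !== undefined) {
        return { value: hiddenValue };
      }
      return null;
    },
  };
}

// Three constructed scenarios: cookie readable, cookie HttpOnly (absent from
// document.cookie) with the form input present, and neither available.
const scenarios = {
  cookieVisible: fakeDocument('sessionid=abc; csrftoken=COOKIE_TOKEN', 'FORM_TOKEN'),
  cookieHttpOnly: fakeDocument('sessionid=abc', 'FORM_TOKEN'),
  neither: fakeDocument('sessionid=abc', undefined),
};

for (const [name, doc] of Object.entries(scenarios)) {
  console.log(name, '->', getCsrfToken(doc), ajaxHeaders(doc));
}
```

Reading the token from the hidden input is what the Django documentation recommends when CSRF_COOKIE_HTTPONLY is enabled; it does not weaken the protection, because the server still validates the submitted token against the secret in the cookie or session.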

morlandi commented 3 years ago

Thank you very much for this great contribution. I'll check it and publish a new version merging your PR in the next days.

morlandi commented 3 years ago

@shuki25 I'm a little bit puzzled, since I was unable to reproduce Issue #27 even when adding CSRF_COOKIE_HTTPONLY = True to the project settings. However, since your modification doesn't hurt either, I merged your PR; hopefully that might help in some situations. Thank you

shuki25 commented 3 years ago

I think two specific settings would cause that issue, not just the HTTPONLY setting. I'm currently traveling and when I have time, I will look in my settings and see exactly what my settings were.

On Fri, May 28, 2021 at 10:55 morlandi @.***> wrote:

@shuki25 https://github.com/shuki25 I'm a little bit puzzled, since I was unable to reproduce Issue #27 https://github.com/morlandi/django-ajax-datatable/issues/27 even when adding CSRF_COOKIE_HTTPONLY = True to the project settings. However, since your modification doesn't hurt either, I merged your PR; hopefully that might help in some situations. Thank you


morlandi commented 3 years ago

thank you @shuki25