mirror of
https://expo.survex.com/repositories/troggle/.git
synced 2024-11-22 07:11:52 +00:00
attempting to enable csrf cookie robustly
This commit is contained in:
Philip Sargent
parent
f5e799d632
commit
1c7e99e91b
@ -128,11 +128,11 @@ INSTALLED_APPS = (
|
||||
)
|
||||
|
||||
MIDDLEWARE_CLASSES = (
|
||||
'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
|
||||
'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
|
||||
'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
|
||||
'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
|
||||
'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
|
||||
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
|
||||
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user
|
||||
'django.contrib.admindocs.middleware.XViewMiddleware',
|
||||
'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
You are logged in as {{ user.username }}
|
||||
{% if user.person %}(<a href="{{ user.person.get_absolute_url }}">{{ user.person }}</a>)
|
||||
{% endif %}.
|
||||
| <a href="{% url "auth_logout" %}">Log out</a> {% else %} <a href="{% url "registration_register" %}">Sign up</a> | <a href="{% url "auth_login" %}">Log in</a> {% endif %}
|
||||
| <a href="{% url "auth_logout" %}">Log out</a> {% else %} <a href='{% url "registration_register" %}'>Sign up</a> | <a href='{% url "auth_login" %}'>Log in</a> {% endif %}
|
||||
{% endblock%}
|
||||
{% block editLink %}
|
||||
|
||||
@ -40,14 +40,9 @@
|
||||
<a href="{% url "survexcavessingle" "204" %}">Surveys-204</a> |
|
||||
<a href="{% url "expedition" 2018 %}">Expo2018</a> |
|
||||
<a href="{% url "expedition" 2019 %}">Expo2019</a> |
|
||||
|
||||
|
||||
<br>
|
||||
|
||||
|
||||
<a id="cuccLink" href="https://camcaving.uk">cucc server</a> |
|
||||
<a id="expoWebsiteLink" href="http://expo.survex.com">expo server</a> |
|
||||
|
||||
|
||||
<a href="{% url "frontpage" %}">tasks to do </a> |
|
||||
<a id="cavesLink" href="{% url "caveindex" %}">caves</a> |
|
||||
@ -59,14 +54,11 @@
|
||||
</div>
|
||||
|
||||
<div id="nav">
|
||||
|
||||
{% block nav %}
|
||||
<!-- Use id="nav" for the left side menu -->
|
||||
{% endblock %}
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
<div id="content" >
|
||||
|
||||
{% block contentheader %}
|
||||
@ -80,15 +72,11 @@
|
||||
</script>
|
||||
{% endblock %}
|
||||
</div>
|
||||
|
||||
{% block content %}
|
||||
REPLACE : The content
|
||||
{% endblock %}
|
||||
|
||||
</div>
|
||||
|
||||
<div class="footer">
|
||||
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
{% autoescape off %}
|
||||
<h1>Surveys for <a href="/{{cave.url}}">{{cave.official_name}}</a> - kataster:{{cave}}</h1>
|
||||
{% endautoescape %}
|
||||
<!-- the only thing passed into this temnplate is the object identifier for a cave.
|
||||
<!-- the only thing passed into this temnlate is the object identifier for a cave.
|
||||
All the processing to extract the survex subdriectories and survex files is done in this template -->
|
||||
|
||||
<p>Cave description: <a href="/{{cave.url}}">{{cave.url}}</a>
|
||||
|
||||
@ -1,13 +1,14 @@
|
||||
{% extends "base.html" %}
|
||||
{% load survex_markup %}
|
||||
{% load survex_markup %} <!-- this is core/templatetags/survex_markup.py for syntax colouring -->
|
||||
|
||||
{% block title %}{{ title }}{% endblock %}
|
||||
|
||||
{% block head %}
|
||||
<script type="text/javascript" src="{{settings.MEDIA_URL }}js/base.js"></script>
|
||||
<script type="text/javascript" src="{{settings.JSLIB_URL}}jquery-form/jquery.form.min.js"></script> <!-- INVALID-->
|
||||
<script type="text/javascript" src="{{settings.JSLIB_URL}}codemirror/codemirror.min.js"></script> <!-- INVALID-->
|
||||
<!-- <script type="text/javascript" src="{{settings.JSLIB_URL}}jquery-form/jquery.form.min.js"></script> <!-- INVALID-->
|
||||
<!-- <script type="text/javascript" src="{{settings.JSLIB_URL}}codemirror/codemirror.min.js"></script> <!-- INVALID-->
|
||||
|
||||
<!-- Not in use and not needed for simple text editor jquery
|
||||
<script type="text/javascript">
|
||||
var codeeditor;
|
||||
$(document).ready(function()
|
||||
@ -33,16 +34,17 @@ $(document).ready(function()
|
||||
});
|
||||
|
||||
</script>
|
||||
-->
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<h1>Survex File: {{ title }}</h1>
|
||||
|
||||
{% if svxincludes %}
|
||||
<p><b>Included files:</b>
|
||||
{% for svxinclude in svxincludes %}
|
||||
<a href="{{svxinclude}}.svx">{{svxinclude}}</a>
|
||||
{% endfor %}
|
||||
<p><b>Included files:</b>
|
||||
{% for svxinclude in svxincludes %}
|
||||
<a href="{{svxinclude}}.svx">{{svxinclude}}</a>
|
||||
{% endfor %}
|
||||
</p>
|
||||
{% endif %}
|
||||
|
||||
@ -61,15 +63,15 @@ $(document).ready(function()
|
||||
</pre>
|
||||
|
||||
{% if logmessage %}
|
||||
{% if has_3d %}
|
||||
<p><a href="{% url "threed" title %}">3d file</a></p>
|
||||
{% else %}
|
||||
<p><b>No 3d file</b></p>
|
||||
{% endif %}
|
||||
<pre>
|
||||
LOGMESSAGES
|
||||
{{logmessage}}
|
||||
</pre>
|
||||
{% if has_3d %}
|
||||
<p><a href='{% url "threed" title %}'>3d file</a></p>
|
||||
{% else %}
|
||||
<p><b>No 3d file</b></p>
|
||||
{% endif %}
|
||||
<pre>
|
||||
LOGMESSAGES
|
||||
{{logmessage}}
|
||||
</pre>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
||||
|
||||
@ -5,14 +5,14 @@
|
||||
</pre>
|
||||
|
||||
{% if logmessage %}
|
||||
{% if has_3d %}
|
||||
<p><a href="{% url "threed" title %}">3d file</a></p>
|
||||
{% else %}
|
||||
<p><b>No 3d file</b></p>
|
||||
{% endif %}
|
||||
<pre>
|
||||
LOGMESSAGES
|
||||
{{logmessage}}
|
||||
</pre>
|
||||
{% if has_3d %}
|
||||
<p><a href='{% url "threed" title %}'>3d file</a></p>
|
||||
{% else %}
|
||||
<p><b>No 3d file</b></p>
|
||||
{% endif %}
|
||||
<pre>
|
||||
LOGMESSAGES
|
||||
{{logmessage}}
|
||||
</pre>
|
||||
{% endif %}
|
||||
|
||||
|
||||
3
urls.py
3
urls.py
@ -115,9 +115,8 @@ actualurlpatterns = [
|
||||
url(r'^survexfile/(?P<survex_file>.*?)\.log$', views_survex.svxraw),
|
||||
url(r'^survexfile/(?P<survex_file>.*?)\.err$', views_survex.err),
|
||||
|
||||
url(r'^survexfile/caves/$', views_survex.survexcaveslist, name="survexcaveslist"),
|
||||
url(r'^survexfile/caves/$', views_survex.survexcaveslist, name="survexcaveslist"),
|
||||
url(r'^survexfile/(?P<survex_cave>.*)$', views_survex.survexcavesingle, name="survexcavessingle"),
|
||||
url(r'^survexfileraw/(?P<survex_file>.*?)\.svx$', views_survex.svxraw, name="svxraw"),
|
||||
|
||||
# url(r'^survey_files/download/(?P<path>.*)$', view_surveys.download), # needs rewriting
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user