mirror of
https://expo.survex.com/repositories/troggle/.git
synced 2024-11-22 15:21:52 +00:00
attempting to enable csrf cookie robustly
This commit is contained in:
Philip Sargent
parent
f5e799d632
commit
1c7e99e91b
@ -128,11 +128,11 @@ INSTALLED_APPS = (
|
|||||||
)
|
)
|
||||||
|
|
||||||
MIDDLEWARE_CLASSES = (
|
MIDDLEWARE_CLASSES = (
|
||||||
|
'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
|
||||||
'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
|
'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
|
'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
|
||||||
'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
|
'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
|
||||||
'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
|
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user
|
||||||
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
|
|
||||||
'django.contrib.admindocs.middleware.XViewMiddleware',
|
'django.contrib.admindocs.middleware.XViewMiddleware',
|
||||||
'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
|
'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
|
||||||
'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
|
'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
|
||||||
|
|||||||
@ -23,7 +23,7 @@
|
|||||||
You are logged in as {{ user.username }}
|
You are logged in as {{ user.username }}
|
||||||
{% if user.person %}(<a href="{{ user.person.get_absolute_url }}">{{ user.person }}</a>)
|
{% if user.person %}(<a href="{{ user.person.get_absolute_url }}">{{ user.person }}</a>)
|
||||||
{% endif %}.
|
{% endif %}.
|
||||||
| <a href="{% url "auth_logout" %}">Log out</a> {% else %} <a href="{% url "registration_register" %}">Sign up</a> | <a href="{% url "auth_login" %}">Log in</a> {% endif %}
|
| <a href="{% url "auth_logout" %}">Log out</a> {% else %} <a href='{% url "registration_register" %}'>Sign up</a> | <a href='{% url "auth_login" %}'>Log in</a> {% endif %}
|
||||||
{% endblock%}
|
{% endblock%}
|
||||||
{% block editLink %}
|
{% block editLink %}
|
||||||
|
|
||||||
@ -40,15 +40,10 @@
|
|||||||
<a href="{% url "survexcavessingle" "204" %}">Surveys-204</a> |
|
<a href="{% url "survexcavessingle" "204" %}">Surveys-204</a> |
|
||||||
<a href="{% url "expedition" 2018 %}">Expo2018</a> |
|
<a href="{% url "expedition" 2018 %}">Expo2018</a> |
|
||||||
<a href="{% url "expedition" 2019 %}">Expo2019</a> |
|
<a href="{% url "expedition" 2019 %}">Expo2019</a> |
|
||||||
|
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
|
|
||||||
<a id="cuccLink" href="https://camcaving.uk">cucc server</a> |
|
<a id="cuccLink" href="https://camcaving.uk">cucc server</a> |
|
||||||
<a id="expoWebsiteLink" href="http://expo.survex.com">expo server</a> |
|
<a id="expoWebsiteLink" href="http://expo.survex.com">expo server</a> |
|
||||||
|
|
||||||
|
|
||||||
<a href="{% url "frontpage" %}">tasks to do </a> |
|
<a href="{% url "frontpage" %}">tasks to do </a> |
|
||||||
<a id="cavesLink" href="{% url "caveindex" %}">caves</a> |
|
<a id="cavesLink" href="{% url "caveindex" %}">caves</a> |
|
||||||
<a id="caversLink" href="{% url "personindex" %}">people</a> |
|
<a id="caversLink" href="{% url "personindex" %}">people</a> |
|
||||||
@ -59,14 +54,11 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div id="nav">
|
<div id="nav">
|
||||||
|
|
||||||
{% block nav %}
|
{% block nav %}
|
||||||
<!-- Use id="nav" for the left side menu -->
|
<!-- Use id="nav" for the left side menu -->
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<div id="content" >
|
<div id="content" >
|
||||||
|
|
||||||
{% block contentheader %}
|
{% block contentheader %}
|
||||||
@ -80,15 +72,11 @@
|
|||||||
</script>
|
</script>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
REPLACE : The content
|
REPLACE : The content
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="footer">
|
<div class="footer">
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|||||||
@ -9,7 +9,7 @@
|
|||||||
{% autoescape off %}
|
{% autoescape off %}
|
||||||
<h1>Surveys for <a href="/{{cave.url}}">{{cave.official_name}}</a> - kataster:{{cave}}</h1>
|
<h1>Surveys for <a href="/{{cave.url}}">{{cave.official_name}}</a> - kataster:{{cave}}</h1>
|
||||||
{% endautoescape %}
|
{% endautoescape %}
|
||||||
<!-- the only thing passed into this temnplate is the object identifier for a cave.
|
<!-- the only thing passed into this temnlate is the object identifier for a cave.
|
||||||
All the processing to extract the survex subdriectories and survex files is done in this template -->
|
All the processing to extract the survex subdriectories and survex files is done in this template -->
|
||||||
|
|
||||||
<p>Cave description: <a href="/{{cave.url}}">{{cave.url}}</a>
|
<p>Cave description: <a href="/{{cave.url}}">{{cave.url}}</a>
|
||||||
|
|||||||
@ -1,13 +1,14 @@
|
|||||||
{% extends "base.html" %}
|
{% extends "base.html" %}
|
||||||
{% load survex_markup %}
|
{% load survex_markup %} <!-- this is core/templatetags/survex_markup.py for syntax colouring -->
|
||||||
|
|
||||||
{% block title %}{{ title }}{% endblock %}
|
{% block title %}{{ title }}{% endblock %}
|
||||||
|
|
||||||
{% block head %}
|
{% block head %}
|
||||||
<script type="text/javascript" src="{{settings.MEDIA_URL }}js/base.js"></script>
|
<script type="text/javascript" src="{{settings.MEDIA_URL }}js/base.js"></script>
|
||||||
<script type="text/javascript" src="{{settings.JSLIB_URL}}jquery-form/jquery.form.min.js"></script> <!-- INVALID-->
|
<!-- <script type="text/javascript" src="{{settings.JSLIB_URL}}jquery-form/jquery.form.min.js"></script> <!-- INVALID-->
|
||||||
<script type="text/javascript" src="{{settings.JSLIB_URL}}codemirror/codemirror.min.js"></script> <!-- INVALID-->
|
<!-- <script type="text/javascript" src="{{settings.JSLIB_URL}}codemirror/codemirror.min.js"></script> <!-- INVALID-->
|
||||||
|
|
||||||
|
<!-- Not in use and not needed for simple text editor jquery
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
var codeeditor;
|
var codeeditor;
|
||||||
$(document).ready(function()
|
$(document).ready(function()
|
||||||
@ -33,16 +34,17 @@ $(document).ready(function()
|
|||||||
});
|
});
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
-->
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<h1>Survex File: {{ title }}</h1>
|
<h1>Survex File: {{ title }}</h1>
|
||||||
|
|
||||||
{% if svxincludes %}
|
{% if svxincludes %}
|
||||||
<p><b>Included files:</b>
|
<p><b>Included files:</b>
|
||||||
{% for svxinclude in svxincludes %}
|
{% for svxinclude in svxincludes %}
|
||||||
<a href="{{svxinclude}}.svx">{{svxinclude}}</a>
|
<a href="{{svxinclude}}.svx">{{svxinclude}}</a>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</p>
|
</p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -61,15 +63,15 @@ $(document).ready(function()
|
|||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
{% if logmessage %}
|
{% if logmessage %}
|
||||||
{% if has_3d %}
|
{% if has_3d %}
|
||||||
<p><a href="{% url "threed" title %}">3d file</a></p>
|
<p><a href='{% url "threed" title %}'>3d file</a></p>
|
||||||
{% else %}
|
{% else %}
|
||||||
<p><b>No 3d file</b></p>
|
<p><b>No 3d file</b></p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<pre>
|
<pre>
|
||||||
LOGMESSAGES
|
LOGMESSAGES
|
||||||
{{logmessage}}
|
{{logmessage}}
|
||||||
</pre>
|
</pre>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|||||||
@ -5,14 +5,14 @@
|
|||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
{% if logmessage %}
|
{% if logmessage %}
|
||||||
{% if has_3d %}
|
{% if has_3d %}
|
||||||
<p><a href="{% url "threed" title %}">3d file</a></p>
|
<p><a href='{% url "threed" title %}'>3d file</a></p>
|
||||||
{% else %}
|
{% else %}
|
||||||
<p><b>No 3d file</b></p>
|
<p><b>No 3d file</b></p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<pre>
|
<pre>
|
||||||
LOGMESSAGES
|
LOGMESSAGES
|
||||||
{{logmessage}}
|
{{logmessage}}
|
||||||
</pre>
|
</pre>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|||||||
1
urls.py
1
urls.py
@ -117,7 +117,6 @@ actualurlpatterns = [
|
|||||||
|
|
||||||
url(r'^survexfile/caves/$', views_survex.survexcaveslist, name="survexcaveslist"),
|
url(r'^survexfile/caves/$', views_survex.survexcaveslist, name="survexcaveslist"),
|
||||||
url(r'^survexfile/(?P<survex_cave>.*)$', views_survex.survexcavesingle, name="survexcavessingle"),
|
url(r'^survexfile/(?P<survex_cave>.*)$', views_survex.survexcavesingle, name="survexcavessingle"),
|
||||||
url(r'^survexfileraw/(?P<survex_file>.*?)\.svx$', views_survex.svxraw, name="svxraw"),
|
|
||||||
|
|
||||||
# url(r'^survey_files/download/(?P<path>.*)$', view_surveys.download), # needs rewriting
|
# url(r'^survey_files/download/(?P<path>.*)$', view_surveys.download), # needs rewriting
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user