expo/troggle
2
0
Fork 1
mirror of https://expo.survex.com/repositories/troggle/.git synced 2024-11-22 15:21:52 +00:00
Code Issues 19 Projects 3 Activity

attempting to enable csrf cookie robustly

Browse Source
This commit is contained in:
Philip Sargent 2021-03-26 17:33:58 +00:00
parent f5e799d632
commit 1c7e99e91b
6 changed files with 32 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
settings.py
View File

@ -128,11 +128,11 @@ INSTALLED_APPS = (
)
MIDDLEWARE_CLASSES = (
'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user
'django.contrib.admindocs.middleware.XViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header

14
templates/base.html
View File

@ -23,7 +23,7 @@
You are logged in as {{ user.username }}
{% if user.person %}(<a href="{{ user.person.get_absolute_url }}">{{ user.person }}</a>)
{% endif %}.
| <a href="{% url "auth_logout" %}">Log out</a> {% else %} <a href="{% url "registration_register" %}">Sign up</a> | <a href="{% url "auth_login" %}">Log in</a> {% endif %}
| <a href="{% url "auth_logout" %}">Log out</a> {% else %} <a href='{% url "registration_register" %}'>Sign up</a> | <a href='{% url "auth_login" %}'>Log in</a> {% endif %}
{% endblock%}
{% block editLink %}
@ -40,15 +40,10 @@
<a href="{% url "survexcavessingle" "204" %}">Surveys-204</a> |
<a href="{% url "expedition" 2018 %}">Expo2018</a> |
<a href="{% url "expedition" 2019 %}">Expo2019</a> |
<br>
<a id="cuccLink" href="https://camcaving.uk">cucc server</a> |
<a id="expoWebsiteLink" href="http://expo.survex.com">expo server</a> |
<a href="{% url "frontpage" %}">tasks to do </a> |
<a id="cavesLink" href="{% url "caveindex" %}">caves</a> |
<a id="caversLink" href="{% url "personindex" %}">people</a> |
@ -59,14 +54,11 @@
</div>
<div id="nav">
{% block nav %}
<!-- Use id="nav" for the left side menu -->
{% endblock %}
</div>
<div id="content" >
{% block contentheader %}
@ -80,15 +72,11 @@
</script>
{% endblock %}
</div>
{% block content %}
REPLACE : The content
{% endblock %}
</div>
<div class="footer">
</div>
</body>
</html>

2
templates/svxcavesingle.html
View File

@ -9,7 +9,7 @@
{% autoescape off %}
<h1>Surveys for <a href="/{{cave.url}}">{{cave.official_name}}</a> - kataster:{{cave}}</h1>
{% endautoescape %}
<!-- the only thing passed into this temnplate is the object identifier for a cave.
<!-- the only thing passed into this temnlate is the object identifier for a cave.
All the processing to extract the survex subdriectories and survex files is done in this template -->
<p>Cave description: <a href="/{{cave.url}}">{{cave.url}}</a>

32
templates/svxfile.html
View File

@ -1,13 +1,14 @@
{% extends "base.html" %}
{% load survex_markup %}
{% load survex_markup %} <!-- this is core/templatetags/survex_markup.py for syntax colouring -->
{% block title %}{{ title }}{% endblock %}
{% block head %}
<script type="text/javascript" src="{{settings.MEDIA_URL }}js/base.js"></script>
<script type="text/javascript" src="{{settings.JSLIB_URL}}jquery-form/jquery.form.min.js"></script> <!-- INVALID-->
<script type="text/javascript" src="{{settings.JSLIB_URL}}codemirror/codemirror.min.js"></script> <!-- INVALID-->
<!-- <script type="text/javascript" src="{{settings.JSLIB_URL}}jquery-form/jquery.form.min.js"></script> <!-- INVALID-->
<!-- <script type="text/javascript" src="{{settings.JSLIB_URL}}codemirror/codemirror.min.js"></script> <!-- INVALID-->
<!-- Not in use and not needed for simple text editor jquery
<script type="text/javascript">
var codeeditor;
$(document).ready(function()
@ -33,16 +34,17 @@ $(document).ready(function()
});
</script>
-->
{% endblock %}
{% block content %}
<h1>Survex File: {{ title }}</h1>
{% if svxincludes %}
<p><b>Included files:</b>
{% for svxinclude in svxincludes %}
<p><b>Included files:</b>
{% for svxinclude in svxincludes %}
<a href="{{svxinclude}}.svx">{{svxinclude}}</a>
{% endfor %}
{% endfor %}
</p>
{% endif %}
@ -61,15 +63,15 @@ $(document).ready(function()
</pre>
{% if logmessage %}
{% if has_3d %}
<p><a href="{% url "threed" title %}">3d file</a></p>
{% else %}
<p><b>No 3d file</b></p>
{% endif %}
<pre>
LOGMESSAGES
{{logmessage}}
</pre>
{% if has_3d %}
<p><a href='{% url "threed" title %}'>3d file</a></p>
{% else %}
<p><b>No 3d file</b></p>
{% endif %}
<pre>
LOGMESSAGES
{{logmessage}}
</pre>
{% endif %}
</div>

18
templates/svxfiledifflistonly.html
View File

@ -5,14 +5,14 @@
</pre>
{% if logmessage %}
{% if has_3d %}
<p><a href="{% url "threed" title %}">3d file</a></p>
{% else %}
<p><b>No 3d file</b></p>
{% endif %}
<pre>
LOGMESSAGES
{{logmessage}}
</pre>
{% if has_3d %}
<p><a href='{% url "threed" title %}'>3d file</a></p>
{% else %}
<p><b>No 3d file</b></p>
{% endif %}
<pre>
LOGMESSAGES
{{logmessage}}
</pre>
{% endif %}

1
urls.py
View File

@ -117,7 +117,6 @@ actualurlpatterns = [
url(r'^survexfile/caves/$', views_survex.survexcaveslist, name="survexcaveslist"),
url(r'^survexfile/(?P<survex_cave>.*)$', views_survex.survexcavesingle, name="survexcavessingle"),
url(r'^survexfileraw/(?P<survex_file>.*?)\.svx$', views_survex.svxraw, name="svxraw"),
# url(r'^survey_files/download/(?P<path>.*)$', view_surveys.download), # needs rewriting