wangchunlin
/
cvat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed authentification for cross origin (#528)

Browse Source
main
Boris Sekachev 7 years ago committed by Nikita Manovich
parent d1a3c12c9a
commit 5290882259
4 changed files with 27 additions and 7 deletions
Show Stats Download Patch File Download Diff File

1
cvat/apps/authentication/urls.py
Unescape Escape View File

@ -15,6 +15,7 @@ urlpatterns = [
template_name='login.html', extra_context={'note': settings.AUTH_LOGIN_NOTE}), template_name='login.html', extra_context={'note': settings.AUTH_LOGIN_NOTE}),
name='login'), name='login'),
path('logout', auth_views.LogoutView.as_view(next_page='login'), name='logout'), path('logout', auth_views.LogoutView.as_view(next_page='login'), name='logout'),
path('csrf', views.get_csrf, name='csrf')
] ]
if settings.DJANGO_AUTH_TYPE == 'BASIC': if settings.DJANGO_AUTH_TYPE == 'BASIC':

7
cvat/apps/authentication/views.py
Unescape Escape View File

@ -5,11 +5,12 @@
from django.shortcuts import render, redirect from django.shortcuts import render, redirect
from django.conf import settings from django.conf import settings
from django.http import JsonResponse
from django.contrib.auth import login, authenticate from django.contrib.auth import login, authenticate
from django.middleware.csrf import get_token
from . import forms from . import forms
def register_user(request): def register_user(request):
if request.method == 'POST': if request.method == 'POST':
form = forms.NewUserForm(request.POST) form = forms.NewUserForm(request.POST)
@ -23,3 +24,7 @@ def register_user(request):
else: else:
form = forms.NewUserForm() form = forms.NewUserForm()
return render(request, 'register.html', {'form': form}) return render(request, 'register.html', {'form': form})
def get_csrf(request):
return JsonResponse({'csrf': get_token(request)})

5
cvat/settings/development.py
Unescape Escape View File

@ -16,6 +16,11 @@ MIDDLEWARE += [
'corsheaders.middleware.CorsMiddleware', 'corsheaders.middleware.CorsMiddleware',
] ]
CORS_ALLOW_CREDENTIALS = True
CSRF_TRUSTED_ORIGINS = [
'http://localhost:3000'
]
CORS_ORIGIN_WHITELIST = [ CORS_ORIGIN_WHITELIST = [
"http://localhost:3000", "http://localhost:3000",
] ]

13
cvatjs/src/server-proxy.js
Unescape Escape View File

@ -19,6 +19,9 @@
Axios.defaults.headers.patch['X-CSRFToken'] = header; Axios.defaults.headers.patch['X-CSRFToken'] = header;
Axios.defaults.headers.post['X-CSRFToken'] = header; Axios.defaults.headers.post['X-CSRFToken'] = header;
Axios.defaults.headers.put['X-CSRFToken'] = header; Axios.defaults.headers.put['X-CSRFToken'] = header;
// Allows to move authentification headers to backend
Axios.defaults.withCredentials = true;
} }
async function about() { async function about() {
@ -98,7 +101,12 @@
Axios.defaults.headers.common.Cookie = cookies; Axios.defaults.headers.common.Cookie = cookies;
} else { } else {
// Browser code. We need set additinal header for authentification // Browser code. We need set additinal header for authentification
const csrftoken = Cookie.get('csrftoken'); let csrftoken = response.data.csrf;
if (csrftoken) {
setCSRFHeader(csrftoken);
Cookie.set('csrftoken', csrftoken);
} else {
csrftoken = Cookie.get('csrftoken');
if (csrftoken) { if (csrftoken) {
setCSRFHeader(csrftoken); setCSRFHeader(csrftoken);
} else { } else {
@ -109,11 +117,12 @@
} }
} }
} }
}
const host = window.cvat.config.backendAPI.slice(0, -7); const host = window.cvat.config.backendAPI.slice(0, -7);
let csrf = null; let csrf = null;
try { try {
csrf = await Axios.get(`${host}/auth/login`, { csrf = await Axios.get(`${host}/auth/csrf`, {
proxy: window.cvat.config.proxy, proxy: window.cvat.config.proxy,
}); });
} catch (errorData) { } catch (errorData) {

Write Preview
Loading…
Cancel
Save