nk20/note_kfet/middlewares.py

# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later

from urllib3.packages.rfc3986 import urlparse

try:
    from django.utils.deprecation import MiddlewareMixin
except ImportError:
    MiddlewareMixin = object
from django.http import HttpResponseForbidden


def same_origin(current_uri, redirect_uri):
    a = urlparse(current_uri)
    if not a.scheme:
        return True
    b = urlparse(redirect_uri)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


class TurbolinksMiddleware(MiddlewareMixin):

    def process_request(self, request):
        referrer = request.META.get('HTTP_X_XHR_REFERER')
        if referrer:
            # overwrite referrer
            request.META['HTTP_REFERER'] = referrer
        return

    def process_response(self, request, response):
        referrer = request.META.get('HTTP_X_XHR_REFERER')
        if not referrer:
            # turbolinks not enabled
            return response

        method = request.COOKIES.get('request_method')
        if not method or method != request.method:
            response.set_cookie('request_method', request.method)

        if response.has_header('Location'):
            # this is a redirect response
            loc = response['Location']
            request.session['_turbolinks_redirect_to'] = loc

            # cross domain blocker
            if referrer and not same_origin(loc, referrer):
                return HttpResponseForbidden()
        else:
            if request.session.get('_turbolinks_redirect_to'):
                loc = request.session.pop('_turbolinks_redirect_to')
                response['X-XHR-Redirected-To'] = loc
        return response
Remove django-turbolinks dependency 2020-02-21 17:45:18 +00:00			`# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

			`from urllib3.packages.rfc3986 import urlparse`

			`try:`
			`from django.utils.deprecation import MiddlewareMixin`
			`except ImportError:`
			`MiddlewareMixin = object`
			`from django.http import HttpResponseForbidden`


			`def same_origin(current_uri, redirect_uri):`
			`a = urlparse(current_uri)`
			`if not a.scheme:`
			`return True`
			`b = urlparse(redirect_uri)`
			`return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)`


			`class TurbolinksMiddleware(MiddlewareMixin):`

			`def process_request(self, request):`
			`referrer = request.META.get('HTTP_X_XHR_REFERER')`
			`if referrer:`
			`# overwrite referrer`
			`request.META['HTTP_REFERER'] = referrer`
			`return`

			`def process_response(self, request, response):`
			`referrer = request.META.get('HTTP_X_XHR_REFERER')`
			`if not referrer:`
			`# turbolinks not enabled`
			`return response`

			`method = request.COOKIES.get('request_method')`
			`if not method or method != request.method:`
			`response.set_cookie('request_method', request.method)`

			`if response.has_header('Location'):`
			`# this is a redirect response`
			`loc = response['Location']`
			`request.session['_turbolinks_redirect_to'] = loc`

			`# cross domain blocker`
			`if referrer and not same_origin(loc, referrer):`
			`return HttpResponseForbidden()`
			`else:`
			`if request.session.get('_turbolinks_redirect_to'):`
			`loc = request.session.pop('_turbolinks_redirect_to')`
			`response['X-XHR-Redirected-To'] = loc`
			`return response`