Remove django-turbolinks dependency

2025-11-03 17:08:47 +01:00 · 2020-02-21 18:45:18 +01:00
parent 3fd99ebac7
commit db1e3eb98d
3 changed files with 53 additions and 4 deletions
--- a/note_kfet/middlewares.py
+++ b/note_kfet/middlewares.py
@@ -0,0 +1,52 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from urllib3.packages.rfc3986 import urlparse
+
+try:
+    from django.utils.deprecation import MiddlewareMixin
+except ImportError:
+    MiddlewareMixin = object
+from django.http import HttpResponseForbidden
+
+
+def same_origin(current_uri, redirect_uri):
+    a = urlparse(current_uri)
+    if not a.scheme:
+        return True
+    b = urlparse(redirect_uri)
+    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)
+
+
+class TurbolinksMiddleware(MiddlewareMixin):
+
+    def process_request(self, request):
+        referrer = request.META.get('HTTP_X_XHR_REFERER')
+        if referrer:
+            # overwrite referrer
+            request.META['HTTP_REFERER'] = referrer
+        return
+
+    def process_response(self, request, response):
+        referrer = request.META.get('HTTP_X_XHR_REFERER')
+        if not referrer:
+            # turbolinks not enabled
+            return response
+
+        method = request.COOKIES.get('request_method')
+        if not method or method != request.method:
+            response.set_cookie('request_method', request.method)
+
+        if response.has_header('Location'):
+            # this is a redirect response
+            loc = response['Location']
+            request.session['_turbolinks_redirect_to'] = loc
+
+            # cross domain blocker
+            if referrer and not same_origin(loc, referrer):
+                return HttpResponseForbidden()
+        else:
+            if request.session.get('_turbolinks_redirect_to'):
+                loc = request.session.pop('_turbolinks_redirect_to')
+                response['X-XHR-Redirected-To'] = loc
+        return response
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@@ -55,8 +55,6 @@ INSTALLED_APPS = [
    # Autocomplete
    'dal',
    'dal_select2',
-    # turbolinks
-    'turbolinks',

    # Note apps
    'activity',
@@ -77,7 +75,7 @@ MIDDLEWARE = [
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.sites.middleware.CurrentSiteMiddleware',
-    'turbolinks.middleware.TurbolinksMiddleware',
+    'note_kfet.middlewares.TurbolinksMiddleware',
 ]

 ROOT_URLCONF = 'note_kfet.urls'
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,6 @@ djangorestframework==3.9.0
 django-rest-polymorphic==0.1.8
 django-reversion==3.0.3
 django-tables2==2.1.0
-django-turbolinks==0.5.1
 docutils==0.14
 psycopg2==2.8.4
 idna==2.8