From db1e3eb98d4ad6659ac34a81d1c3eda694f0fefa Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Fri, 21 Feb 2020 18:45:18 +0100
Subject: [PATCH] Remove django-turbolinks dependency
---
 note_kfet/middlewares.py | 52 ++++++++++++++++++++++++++++++++++++++
 note_kfet/settings/base.py | 4 +--
 requirements.txt | 1 -
 3 files changed, 53 insertions(+), 4 deletions(-)
 create mode 100644 note_kfet/middlewares.py
diff --git a/note_kfet/middlewares.py b/note_kfet/middlewares.py
new file mode 100644
index 00000000..360132bf
--- /dev/null
+++ b/note_kfet/middlewares.py
@@ -0,0 +1,52 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from urllib3.packages.rfc3986 import urlparse
+
+try:
+ from django.utils.deprecation import MiddlewareMixin
+except ImportError:
+ MiddlewareMixin = object
+from django.http import HttpResponseForbidden
+
+
+def same_origin(current_uri, redirect_uri):
+ a = urlparse(current_uri)
+ if not a.scheme:
+ return True
+ b = urlparse(redirect_uri)
+ return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)
+
+
+class TurbolinksMiddleware(MiddlewareMixin):
+
+ def process_request(self, request):
+ referrer = request.META.get('HTTP_X_XHR_REFERER')
+ if referrer:
+ # overwrite referrer
+ request.META['HTTP_REFERER'] = referrer
+ return
+
+ def process_response(self, request, response):
+ referrer = request.META.get('HTTP_X_XHR_REFERER')
+ if not referrer:
+ # turbolinks not enabled
+ return response
+
+ method = request.COOKIES.get('request_method')
+ if not method or method != request.method:
+ response.set_cookie('request_method', request.method)
+
+ if response.has_header('Location'):
+ # this is a redirect response
+ loc = response['Location']
+ request.session['_turbolinks_redirect_to'] = loc
+
+ # cross domain blocker
+ if referrer and not same_origin(loc, referrer):
+ return HttpResponseForbidden()
+ else:
+ if request.session.get('_turbolinks_redirect_to'):
+ loc = request.session.pop('_turbolinks_redirect_to')
+ response['X-XHR-Redirected-To'] = loc
+ return response
diff --git a/note_kfet/settings/base.py b/note_kfet/settings/base.py
index 66acb044..9019b4e0 100644
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@@ -55,8 +55,6 @@ INSTALLED_APPS = [ # Autocomplete 'dal', 'dal_select2', - # turbolinks - 'turbolinks', # Note apps 'activity',
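Review bot: In `same_origin` (note_kfet/middlewares.py), the early `if not a.scheme: return True` treats every scheme-less `Location` as same-origin, which includes network-path references such as `//other.example/path` that carry a host, so the cross domain blocker in `process_response` never compares them against the referrer. Returning early only when both parts are absent, `if not a.scheme and not a.hostname: return True`, lets those fall through to the tuple comparison and be rejected. `process_response` also writes `_turbolinks_redirect_to` into the session before the check, so a blocked location stays stored and is later copied into `X-XHR-Redirected-To`; moving the assignment below the `HttpResponseForbidden()` return would avoid that. Separately, `urlparse` is imported from `urllib3.packages.rfc3986`, a vendored internal of a third-party package that the visible requirements.txt lines do not pin; the standard library's `from urllib.parse import urlparse` exposes the same `scheme`/`hostname`/`port` attributes.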
@@ -77,7 +75,7 @@ MIDDLEWARE = [ 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.sites.middleware.CurrentSiteMiddleware', - 'turbolinks.middleware.TurbolinksMiddleware', + 'note_kfet.middlewares.TurbolinksMiddleware', ] ROOT_URLCONF = 'note_kfet.urls'
diff --git a/requirements.txt b/requirements.txt
index 872a451c..21c24808 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,6 @@ djangorestframework==3.9.0
 django-rest-polymorphic==0.1.8
 django-reversion==3.0.3
 django-tables2==2.1.0
-django-turbolinks==0.5.1
 docutils==0.14
 psycopg2==2.8.4
 idna==2.8