Merge pull request #287 from lprokein/csrf-cookie-name

agusmakmun · web-flow · commit a1a5acc46499 · 2025-10-27T07:23:47.000+07:00
Changing default CSRF cookie name setting
diff --git a/martor/settings.py b/martor/settings.py
@@ -233,3 +233,9 @@
 )
 # Disable admin style when using custom admin interface e.g django-grappelli
 MARTOR_ENABLE_ADMIN_CSS = getattr(settings, "MARTOR_ENABLE_ADMIN_CSS", True)
+
+MARTOR_CSRF_COOKIE_NAME = (
+    settings.MARTOR_CSRF_COOKIE_NAME
+    if hasattr(settings, "MARTOR_CSRF_COOKIE_NAME")
+    else "csrftoken"
+)
diff --git a/martor/static/martor/js/martor.bootstrap.js b/martor/static/martor/js/martor.bootstrap.js
@@ -92,7 +92,7 @@
                                 url: textareaId.data('search-users-url'),
                                 data: {
                                     'username': username,
-                                    'csrfmiddlewaretoken': getCookie('csrftoken')
+                                    'csrfmiddlewaretoken': getCookie(textareaId.data('csrf-cookie-name'))
                                 },
                                 success: function (data) {
                                     if (data['status'] == 200) {
@@ -154,7 +154,7 @@
                 var value = textareaId.val();
                 var form = new FormData();
                 form.append('content', value);
-                form.append('csrfmiddlewaretoken', getCookie('csrftoken'));
+                form.append('csrfmiddlewaretoken', getCookie(textareaId.data('csrf-cookie-name')));
                 currentTab.addClass('martor-preview-stale');
 
                 $.ajax({
@@ -541,7 +541,7 @@
                 var firstForm = $('#' + editorId).closest('form').get(0);
                 var field_name = editor.container.id.replace('martor-', '');
                 var form = new FormData(firstForm);
-                form.append('csrfmiddlewaretoken', getCookie('csrftoken'));
+                form.append('csrfmiddlewaretoken', getCookie(textareaId.data('csrf-cookie-name')));
 
                 $.ajax({
                     url: textareaId.data('upload-url'),
diff --git a/martor/static/martor/js/martor.bootstrap.min.js b/martor/static/martor/js/martor.bootstrap.min.js
diff --git a/martor/static/martor/js/martor.semantic.js b/martor/static/martor/js/martor.semantic.js
@@ -92,7 +92,7 @@
                                 url: textareaId.data('search-users-url'),
                                 data: {
                                     'username': username,
-                                    'csrfmiddlewaretoken': getCookie('csrftoken')
+                                    'csrfmiddlewaretoken': getCookie(textareaId.data('csrf-cookie-name'))
                                 },
                                 success: function (data) {
                                     if (data['status'] == 200) {
@@ -143,7 +143,7 @@
                 var value = textareaId.val();
                 var form = new FormData();
                 form.append('content', value);
-                form.append('csrfmiddlewaretoken', getCookie('csrftoken'));
+                form.append('csrfmiddlewaretoken', getCookie(textareaId.data('csrf-cookie-name')));
                 currentTab.addClass('martor-preview-stale');
 
                 $.ajax({
@@ -536,7 +536,7 @@
                 var firstForm = $('#' + editorId).closest('form').get(0);
                 var field_name = editor.container.id.replace('martor-', '');
                 var form = new FormData(firstForm);
-                form.append('csrfmiddlewaretoken', getCookie('csrftoken'));
+                form.append('csrfmiddlewaretoken', getCookie(textareaId.data('csrf-cookie-name')));
 
                 $.ajax({
                     url: textareaId.data('upload-url'),
diff --git a/martor/static/martor/js/martor.semantic.min.js b/martor/static/martor/js/martor.semantic.min.js
diff --git a/martor/widgets.py b/martor/widgets.py
@@ -18,6 +18,7 @@
     MARTOR_THEME,
     MARTOR_TOOLBAR_BUTTONS,
     MARTOR_UPLOAD_URL,
+    MARTOR_CSRF_COOKIE_NAME,
 )
 
 
@@ -40,6 +41,7 @@ def render(self, name, value, attrs=None, renderer=None, **kwargs):
         attributes_to_pass = {
             "data-enable-configs": MARTOR_ENABLE_CONFIGS,
             "data-markdownfy-url": reverse("martor_markdownfy"),
+            "data-csrf-cookie-name": MARTOR_CSRF_COOKIE_NAME,
         }
 
         if MARTOR_UPLOAD_URL:
@@ -51,6 +53,7 @@ def render(self, name, value, attrs=None, renderer=None, **kwargs):
         if MARTOR_MARKDOWNIFY_TIMEOUT:
             attributes_to_pass["data-save-timeout"] = MARTOR_MARKDOWNIFY_TIMEOUT
 
+
         # Make sure that the martor value is in the class attr passed in
         if "class" in attrs:
             attrs["class"] += " martor"
