Fix cookie detection
@@ -54,7 +54,7 @@ class IdempotencyMiddleware:
|
|||||||
|
|
||||||
auth_hash_parts = '{}:{}'.format(
|
auth_hash_parts = '{}:{}'.format(
|
||||||
request.headers.get('Authorization', ''),
|
request.headers.get('Authorization', ''),
|
||||||
request.COOKIES.get(settings.SESSION_COOKIE_NAME, '')
|
request.COOKIES.get('__Host-' + settings.SESSION_COOKIE_NAME, request.COOKIES.get(settings.SESSION_COOKIE_NAME, ''))
|
||||||
)
|
)
|
||||||
auth_hash = sha1(auth_hash_parts.encode()).hexdigest()
|
auth_hash = sha1(auth_hash_parts.encode()).hexdigest()
|
||||||
idempotency_key = request.headers.get('X-Idempotency-Key', '')
|
idempotency_key = request.headers.get('X-Idempotency-Key', '')
|
||||||
|
|||||||
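Review bot: The cookie lookup feeding `auth_hash_parts` is now a nested `.get()` that is repeated verbatim in `IdempotencyQueryView` (the next file in this commit). The two must stay identical, or the query view will compute a different `auth_hash` than the middleware used and stop matching a caller's own idempotency keys. One shared helper would keep them in step, for example a function (name is a suggestion) `session_cookie_value(request)` that returns the `__Host-`-prefixed cookie when present and the plain one otherwise. Preferring the `__Host-` cookie when both are sent is the safer order, because a plain-named cookie can be set from a sibling subdomain while a `__Host-` one cannot. A short comment such as `# prefer the host-locked cookie; do not reverse this order` would keep a later edit from swapping it. The enclosing method starts and ends outside the hunk.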
@@ -42,7 +42,7 @@ class IdempotencyQueryView(APIView):
|
|||||||
idempotency_key = request.GET.get("key")
|
idempotency_key = request.GET.get("key")
|
||||||
auth_hash_parts = '{}:{}'.format(
|
auth_hash_parts = '{}:{}'.format(
|
||||||
request.headers.get('Authorization', ''),
|
request.headers.get('Authorization', ''),
|
||||||
request.COOKIES.get(settings.SESSION_COOKIE_NAME, '')
|
request.COOKIES.get('__Host-' + settings.SESSION_COOKIE_NAME, request.COOKIES.get(settings.SESSION_COOKIE_NAME, ''))
|
||||||
)
|
)
|
||||||
auth_hash = sha1(auth_hash_parts.encode()).hexdigest()
|
auth_hash = sha1(auth_hash_parts.encode()).hexdigest()
|
||||||
if not idempotency_key:
|
if not idempotency_key:
|
||||||
|
|||||||
@@ -97,7 +97,10 @@ class CartActionMixin:
|
|||||||
if 'locale' in self.request.GET:
|
if 'locale' in self.request.GET:
|
||||||
query['locale'] = self.request.GET['locale']
|
query['locale'] = self.request.GET['locale']
|
||||||
disclose_cart_id = (
|
disclose_cart_id = (
|
||||||
'iframe' in self.request.GET or settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
'iframe' in self.request.GET or (
|
||||||
|
settings.SESSION_COOKIE_NAME not in self.request.COOKIES and
|
||||||
|
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||||
|
)
|
||||||
) and self.kwargs.get('cart_namespace')
|
) and self.kwargs.get('cart_namespace')
|
||||||
if disclose_cart_id:
|
if disclose_cart_id:
|
||||||
cart_id = get_or_create_cart_id(self.request)
|
cart_id = get_or_create_cart_id(self.request)
|
||||||
@@ -120,7 +123,10 @@ class CartActionMixin:
|
|||||||
else:
|
else:
|
||||||
u += '?require_cookie=true'
|
u += '?require_cookie=true'
|
||||||
disclose_cart_id = (
|
disclose_cart_id = (
|
||||||
'iframe' in self.request.GET or settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
'iframe' in self.request.GET or (
|
||||||
|
settings.SESSION_COOKIE_NAME not in self.request.COOKIES and
|
||||||
|
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||||
|
)
|
||||||
) and self.kwargs.get('cart_namespace')
|
) and self.kwargs.get('cart_namespace')
|
||||||
if disclose_cart_id:
|
if disclose_cart_id:
|
||||||
cart_id = get_or_create_cart_id(self.request)
|
cart_id = get_or_create_cart_id(self.request)
|
||||||
@@ -592,7 +598,8 @@ class RedeemView(NoSearchIndexViewMixin, EventViewMixin, CartMixin, TemplateView
|
|||||||
|
|
||||||
context['new_tab'] = (
|
context['new_tab'] = (
|
||||||
'require_cookie' in self.request.GET and
|
'require_cookie' in self.request.GET and
|
||||||
settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
settings.SESSION_COOKIE_NAME not in self.request.COOKIES and
|
||||||
|
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||||
# Cookies are not supported! Lets just make the form open in a new tab
|
# Cookies are not supported! Lets just make the form open in a new tab
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
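Review bot: The two `disclose_cart_id` expressions in `CartActionMixin` and the `new_tab` test in `RedeemView` each spell out the same "neither session cookie name is present" check by hand. A later change to the cookie naming therefore has to be repeated three times in this file, on top of the other files in this commit. This test appears to decide whether the cart id is handed back to the client outside the cookie, so a missed copy would disclose it when it should not. I would put the check in one helper (name is a suggestion) and write `'iframe' in self.request.GET or not has_session_cookie(self.request)`. In `RedeemView` the comment `# Cookies are not supported! ...` now trails the second operand and would read better above `context['new_tab'] = (`. All three enclosing methods extend beyond their hunks.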
@@ -488,7 +488,8 @@ class EventIndex(EventViewMixin, EventListMixin, CartMixin, TemplateView):
|
|||||||
elif request.GET.get('iframe', '') == '1' and len(self.request.GET.get('widget_data', '{}')) > 3:
|
elif request.GET.get('iframe', '') == '1' and len(self.request.GET.get('widget_data', '{}')) > 3:
|
||||||
# We've been passed data from a widget, we need to create a cart session to store it.
|
# We've been passed data from a widget, we need to create a cart session to store it.
|
||||||
get_or_create_cart_id(request)
|
get_or_create_cart_id(request)
|
||||||
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
|
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES and \
|
||||||
|
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES:
|
||||||
# Cookies are in fact not supported
|
# Cookies are in fact not supported
|
||||||
r = render(request, 'pretixpresale/event/cookies.html', {
|
r = render(request, 'pretixpresale/event/cookies.html', {
|
||||||
'url': eventreverse(
|
'url': eventreverse(
|
||||||
|
|||||||
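Review bot: The added continuation line reads `self.request.COOKIES` while the rest of the same `elif` uses the local `request`, so one condition consults two names for the request object; the same mix is added in `WaitingView` (last file in this commit). Here an earlier context line already uses `self.request.GET`, so it presumably works. In `WaitingView` nothing visible shows that `self.request` is set at that point, and if it is not, the new operand fails on exactly the no-cookie path. I would write `'__Host-' + settings.SESSION_COOKIE_NAME not in request.COOKIES` in both places and wrap the condition in parentheses instead of the `\` continuation, which `WaitingView` writes as `and\` with no space. Both enclosing methods begin and end outside their hunks.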
@@ -77,7 +77,8 @@ class WaitingView(EventViewMixin, FormView):
|
|||||||
if request.GET.get('iframe', '') == '1' and 'require_cookie' not in request.GET:
|
if request.GET.get('iframe', '') == '1' and 'require_cookie' not in request.GET:
|
||||||
# Widget just opened. Let's to a stupid redirect to check if cookies are disabled
|
# Widget just opened. Let's to a stupid redirect to check if cookies are disabled
|
||||||
return redirect(request.get_full_path() + '&require_cookie=true')
|
return redirect(request.get_full_path() + '&require_cookie=true')
|
||||||
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
|
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES and\
|
||||||
|
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES:
|
||||||
# Cookies are in fact not supported. We can't even display the form, since we can't get CSRF right without
|
# Cookies are in fact not supported. We can't even display the form, since we can't get CSRF right without
|
||||||
# cookies.
|
# cookies.
|
||||||
r = render(request, 'pretixpresale/event/cookies.html', {
|
r = render(request, 'pretixpresale/event/cookies.html', {
|
||||||
|
|||||||