Fix cookie detection
@@ -54,7 +54,7 @@ class IdempotencyMiddleware:
|
||||
|
||||
auth_hash_parts = '{}:{}'.format(
|
||||
request.headers.get('Authorization', ''),
|
||||
request.COOKIES.get(settings.SESSION_COOKIE_NAME, '')
|
||||
request.COOKIES.get('__Host-' + settings.SESSION_COOKIE_NAME, request.COOKIES.get(settings.SESSION_COOKIE_NAME, ''))
|
||||
)
|
||||
auth_hash = sha1(auth_hash_parts.encode()).hexdigest()
|
||||
idempotency_key = request.headers.get('X-Idempotency-Key', '')
|
||||
|
||||
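Review bot: The caller fingerprint in `auth_hash_parts` is now spelled out twice with the same nested `request.COOKIES.get(...)` fallback, here in IdempotencyMiddleware and again in the IdempotencyQueryView hunk. The two presumably have to produce the same `auth_hash` for a stored key to be found again, so a later edit to only one of them would silently break the lookup or loosen the per-caller scoping. I would move the derivation into one shared function that takes the request and returns the hex digest, and call it from both places. A short comment on the fallback would also help, for example `# prefer the __Host- cookie; the unprefixed name is only a fallback for non-secure setups`. Both enclosing methods start and end outside the visible hunks.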
@@ -42,7 +42,7 @@ class IdempotencyQueryView(APIView):
|
||||
idempotency_key = request.GET.get("key")
|
||||
auth_hash_parts = '{}:{}'.format(
|
||||
request.headers.get('Authorization', ''),
|
||||
request.COOKIES.get(settings.SESSION_COOKIE_NAME, '')
|
||||
request.COOKIES.get('__Host-' + settings.SESSION_COOKIE_NAME, request.COOKIES.get(settings.SESSION_COOKIE_NAME, ''))
|
||||
)
|
||||
auth_hash = sha1(auth_hash_parts.encode()).hexdigest()
|
||||
if not idempotency_key:
|
||||
|
||||
@@ -97,7 +97,10 @@ class CartActionMixin:
|
||||
if 'locale' in self.request.GET:
|
||||
query['locale'] = self.request.GET['locale']
|
||||
disclose_cart_id = (
|
||||
'iframe' in self.request.GET or settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||
'iframe' in self.request.GET or (
|
||||
settings.SESSION_COOKIE_NAME not in self.request.COOKIES and
|
||||
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||
)
|
||||
) and self.kwargs.get('cart_namespace')
|
||||
if disclose_cart_id:
|
||||
cart_id = get_or_create_cart_id(self.request)
|
||||
@@ -120,7 +123,10 @@ class CartActionMixin:
|
||||
else:
|
||||
u += '?require_cookie=true'
|
||||
disclose_cart_id = (
|
||||
'iframe' in self.request.GET or settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||
'iframe' in self.request.GET or (
|
||||
settings.SESSION_COOKIE_NAME not in self.request.COOKIES and
|
||||
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||
)
|
||||
) and self.kwargs.get('cart_namespace')
|
||||
if disclose_cart_id:
|
||||
cart_id = get_or_create_cart_id(self.request)
|
||||
@@ -592,7 +598,8 @@ class RedeemView(NoSearchIndexViewMixin, EventViewMixin, CartMixin, TemplateView
|
||||
|
||||
context['new_tab'] = (
|
||||
'require_cookie' in self.request.GET and
|
||||
settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||
settings.SESSION_COOKIE_NAME not in self.request.COOKIES and
|
||||
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES
|
||||
# Cookies are not supported! Lets just make the form open in a new tab
|
||||
)
|
||||
|
||||
|
||||
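Review bot: The test for "no session cookie under either name" is hand-written at every call site, with the literal `'__Host-'` repeated each time: both `disclose_cart_id` expressions in CartActionMixin, `context['new_tab']` in RedeemView, and the EventIndex and WaitingView hunks. In the two `disclose_cart_id` cases a wrong "no cookie" answer decides whether the cart id is handed out, so one site missed in a future cookie-naming change reintroduces the behaviour this commit fixes. A single predicate that takes the request and checks both names, used at all five sites, would keep them in step; it needs only a one-line docstring saying that either cookie name counts as cookie support. The enclosing methods continue outside the hunks, so what happens to `cart_id` afterwards is not visible here.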
@@ -488,7 +488,8 @@ class EventIndex(EventViewMixin, EventListMixin, CartMixin, TemplateView):
|
||||
elif request.GET.get('iframe', '') == '1' and len(self.request.GET.get('widget_data', '{}')) > 3:
|
||||
# We've been passed data from a widget, we need to create a cart session to store it.
|
||||
get_or_create_cart_id(request)
|
||||
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
|
||||
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES and \
|
||||
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES:
|
||||
# Cookies are in fact not supported
|
||||
r = render(request, 'pretixpresale/event/cookies.html', {
|
||||
'url': eventreverse(
|
||||
|
||||
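Review bot: The added continuation line reads `self.request.COOKIES` while the rest of the same `elif` uses the local `request`, and the WaitingView hunk has the same mix. In a Django class-based view the two normally refer to the same object, but the condition should use one name throughout: `'__Host-' + settings.SESSION_COOKIE_NAME not in request.COOKIES:`. Wrapping the condition in parentheses instead of the trailing backslash would also match the style used for `disclose_cart_id` and avoid the `and\` spacing slip in WaitingView. The enclosing method bodies start and end outside these hunks.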
@@ -77,7 +77,8 @@ class WaitingView(EventViewMixin, FormView):
|
||||
if request.GET.get('iframe', '') == '1' and 'require_cookie' not in request.GET:
|
||||
# Widget just opened. Let's to a stupid redirect to check if cookies are disabled
|
||||
return redirect(request.get_full_path() + '&require_cookie=true')
|
||||
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
|
||||
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES and\
|
||||
'__Host-' + settings.SESSION_COOKIE_NAME not in self.request.COOKIES:
|
||||
# Cookies are in fact not supported. We can't even display the form, since we can't get CSRF right without
|
||||
# cookies.
|
||||
r = render(request, 'pretixpresale/event/cookies.html', {
|
||||
|
||||