Merge remote-tracking branch 'origin/928-endpoint-to-set-csrf-token-c…

…ookie' into 741-graphql-api
Inter-Actief · Feb 17, 2025 · 5347b42 · 5347b42
2 parents a7a4f2d + 09cbfdf
commit 5347b42
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/amelie/api/authentication.py b/amelie/api/authentication.py
@@ -6,6 +6,11 @@
 from amelie.api.decorators import authentication_optional, authentication_required
 from amelie.api.exceptions import NotLoggedInError
 
+from django.http import JsonResponse
+from django.views.decorators.csrf import ensure_csrf_cookie
+from django.middleware.csrf import get_token
+from django.views.decorators.http import require_GET
+
 from modernrpc.core import rpc_method, REQUEST_KEY
 
 
@@ -129,3 +134,9 @@ def get_authenticated_apps(**kwargs) -> Union[List[Dict], None]:
     else:
         return None
 
+@require_GET
+@ensure_csrf_cookie  # Ensures the CSRF cookie is set
+def get_csrf_token(request):
+    response = JsonResponse({"message": "CSRF cookie set"})
+    response["X-CSRFToken"] = get_token(request)  # Send CSRF token in headers
+    return response
diff --git a/amelie/api/urls.py b/amelie/api/urls.py
@@ -4,6 +4,7 @@
 from modernrpc.views import RPCEntryPoint
 
 from amelie.companies.views import vivatbanner_get
+from amelie.api.authentication import get_csrf_token
 
 app_name = 'api'
 
@@ -12,4 +13,5 @@
     path('', RPCEntryPoint.as_view(protocol=Protocol.JSON_RPC), name="jsonrpc_mountpoint"),
     path('docs/', RPCEntryPoint.as_view(enable_doc=True, enable_rpc=False, template_name="api/doc_index.html")),
     path('vivat_banners/', vivatbanner_get, name='vivatbanner_get'),
+	path('csrf-token/', get_csrf_token, name='get_csrf_token'),
 ]