[GeoNode-devel] Reg: Use of httponly flag for cookie in GeoNode

Naresh N naresh919 at gmail.com
Tue Aug 20 04:05:42 PDT 2019


Dear All,

I was able to resolve the issue. The following changes were made.

1. Settings.py: *CSRF_COOKIE_HTTPONLY=True*
2. In the following files, the *X-CSRFToken* value is assigned using
   var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();

  a. /usr/lib/python2.7/site-packages/autocomplete_light/templates/autocomplete_light/_ajax_csrf.html
  b. /home/geonode/geonode/static_root/pinax/js/theme.js
  c. /home/geonode/geonode/static_root/geonode/js/extjs/GeoNode-mixin.js
  d. /home/geonode/geonode/static_root/pinax/js/theme.js
  e. /home/geonode/geonode/static_root/geonode/js/utils/util.js
  f. /home/geonode/geonode/static_root/geonode/js/extjs/GeoNode-mixin.js

Thanks & Regards,
Naresh.N

On Mon, Aug 19, 2019 at 3:05 PM Naresh N <naresh919 at gmail.com> wrote:

> Dear all,
>
> The following changes were made to enable the HTTPOnly flag for cookies:
>
> 1. In settings.py: *CSRF_COOKIE_HTTPONLY=True*
> 2. The *X-CSRFToken* value is set using jQuery -- *var csrftoken =
> jQuery("[name=csrfmiddlewaretoken]").val();*
>
> After making the above changes, layers are not getting uploaded and a
> CSRF validation failed error is shown. Please find the screenshot attached
> to this mail.
>
> Kindly help me to fix the issue. Apart from the above-mentioned places, do
> any other places need changes?
>
> Thanks & Regards,
> Naresh.N
>
>
> On Fri, Aug 16, 2019 at 1:46 PM Naresh N <naresh919 at gmail.com> wrote:
>
>> Dear All,
>>
>> Kindly help regarding use of the httponly flag for cookies in GeoNode.
>>
>> Thanks & Regards,
>> Naresh.N
>>
>> On Wed, Aug 14, 2019 at 3:03 PM Naresh N <naresh919 at gmail.com> wrote:
>>
>>> Dear All,
>>>
>>> We have used GeoNode for development of our portal.
>>> As a part of security measures, we have to use cookies set with the
>>> httponly flag. I have enabled the flag CSRF_COOKIE_HTTPONLY as true in
>>> settings.py; since then *upload layers* and other *ajax_requests
>>> functions are not working.*
>>>
>>> Please suggest how to overcome this. Which are all the places where the
>>> code needs to be modified?
>>>
>>> Thanks & Regards,
>>> Naresh.N
>>>
>>
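
The DOM-based token lookup described in this thread, as an added example that is not part of the original messages or of GeoNode's code. The function names, the page URL and the stand-in `document` objects are hypothetical and constructed so the snippet runs under Node without a browser. It shows the header being set only for same-origin, state-changing requests, and failing loudly when a template lacks the hidden field instead of sending the string "undefined".

```javascript
// Added example: all names below are hypothetical, not GeoNode's.

// Methods Django's CSRF middleware does not check.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True when `url` (absolute or relative) resolves to the page's own origin.
function sameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable target: treat as foreign
  }
}

// With CSRF_COOKIE_HTTPONLY = True, document.cookie no longer exposes
// csrftoken, so read the hidden field rendered by {% csrf_token %}.
function readCsrfToken(doc) {
  const field = doc.querySelector("[name=csrfmiddlewaretoken]");
  const value = field && typeof field.value === "string" ? field.value.trim() : "";
  return value === "" ? null : value;
}

// Headers to add to an AJAX request. Throws when the page has no token
// field, which would otherwise surface later as "CSRF validation failed".
function csrfHeadersFor(method, url, pageUrl, doc) {
  if (csrfSafeMethod(method) || !sameOrigin(url, pageUrl)) return {};
  const token = readCsrfToken(doc);
  if (token === null) {
    throw new Error("no csrfmiddlewaretoken field on page; add {% csrf_token %} to the template");
  }
  return { "X-CSRFToken": token };
}

// Constructed stand-ins for `document` (sample data, not from the thread).
const PAGE_URL = "https://portal.example/layers/upload";
const pageWithToken = {
  querySelector: (sel) =>
    sel === "[name=csrfmiddlewaretoken]" ? { value: "constructed-token-123" } : null,
};
const pageWithoutToken = { querySelector: () => null };
```

In a browser, `doc` is `document` and `pageUrl` is `window.location.href`; the returned object can be merged into the headers of a jQuery `$.ajax` call or a `fetch` request.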