Handle custom CSRF header name. Fixes #14.

adamghill · Mar 10, 2021 · d622d95 · d622d95
1 parent c1ae93c
commit d622d95
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 7 deletions.
diff --git a/django_unicorn/static/js/unicorn.js b/django_unicorn/static/js/unicorn.js
@@ -1,15 +1,24 @@
 import { Component } from "./component.js";
-import { isEmpty } from "./utils.js";
+import { isEmpty, hasValue } from "./utils.js";
 import { components } from "./store.js";
 
 let messageUrl = "";
-const csrfTokenHeaderName = "X-CSRFToken";
+let csrfTokenHeaderName = "X-CSRFToken";
 
 /**
  * Initializes the Unicorn object.
  */
-export function init(_messageUrl) {
+export function init(_messageUrl, _csrfTokenHeaderName) {
   messageUrl = _messageUrl;
+
+  if (hasValue(_csrfTokenHeaderName)) {
+    csrfTokenHeaderName = _csrfTokenHeaderName;
+  }
+
+  return {
+    messageUrl,
+    csrfTokenHeaderName,
+  };
 }
 
 /**

diff --git a/django_unicorn/templates/unicorn/scripts.html b/django_unicorn/templates/unicorn/scripts.html
@@ -5,7 +5,7 @@
 
 <script>
     var url = "{% url 'django_unicorn:message' %}";
-    Unicorn.init(url);
+    Unicorn.init(url, "{{ CSRF_HEADER_NAME }}");
 </script>
 {% else %}
 <script type="module">
@@ -15,6 +15,6 @@
     window.Unicorn = Unicorn;
 
     var url = "{% url 'django_unicorn:message' %}";
-    Unicorn.init(url);
+    Unicorn.init(url, "{{ CSRF_HEADER_NAME }}");
 </script>
 {% endif %}
diff --git a/django_unicorn/templatetags/unicorn.py b/django_unicorn/templatetags/unicorn.py
@@ -13,10 +13,20 @@
 
 @register.inclusion_tag("unicorn/scripts.html")
 def unicorn_scripts():
-    # Import here to prevent th potential of this from loading before Django settings
+    # Import here to prevent the potential of this from loading before Django settings
     from django_unicorn.settings import get_setting
 
-    return {"MINIFIED": get_setting("MINIFIED", not settings.DEBUG)}
+    csrf_header_name = settings.CSRF_HEADER_NAME
+
+    if csrf_header_name.startswith("HTTP_"):
+        csrf_header_name = settings.CSRF_HEADER_NAME[5:]
+
+    csrf_header_name = csrf_header_name.replace("_", "-")
+
+    return {
+        "MINIFIED": get_setting("MINIFIED", not settings.DEBUG),
+        "CSRF_HEADER_NAME": csrf_header_name,
+    }
 
 
 @register.inclusion_tag("unicorn/errors.html", takes_context=True)

diff --git a/tests/js/unicorn/init.test.js b/tests/js/unicorn/init.test.js
@@ -0,0 +1,9 @@
+import test from "ava";
+import { init } from "../../../django_unicorn/static/js/unicorn.js";
+
+test("init unicorn", (t) => {
+  const actual = init("unicorn/", "X-Unicorn");
+
+  t.true(actual.messageUrl === "unicorn/");
+  t.true(actual.csrfTokenHeaderName === "X-Unicorn");
+});
diff --git a/tests/templatetags/test_unicorn_scripts.py b/tests/templatetags/test_unicorn_scripts.py
@@ -0,0 +1,38 @@
+from django_unicorn.templatetags.unicorn import unicorn_scripts
+
+
+def test_unicorn_scripts():
+    actual = unicorn_scripts()
+
+    assert actual["CSRF_HEADER_NAME"] == "X-CSRFTOKEN"
+    assert actual["MINIFIED"] is True
+
+
+def test_unicorn_scripts_debug(settings):
+    settings.DEBUG = True
+    actual = unicorn_scripts()
+
+    assert actual["CSRF_HEADER_NAME"] == "X-CSRFTOKEN"
+    assert actual["MINIFIED"] is False
+
+
+def test_unicorn_scripts_minified_true(settings):
+    settings.UNICORN = {"MINIFIED": True}
+    actual = unicorn_scripts()
+
+    assert actual["CSRF_HEADER_NAME"] == "X-CSRFTOKEN"
+    assert actual["MINIFIED"] is True
+
+
+def test_unicorn_scripts_minified_false(settings):
+    settings.UNICORN = {"MINIFIED": False}
+    actual = unicorn_scripts()
+
+    assert actual["MINIFIED"] is False
+
+
+def test_unicorn_scripts_csrf_header_name(settings):
+    settings.CSRF_HEADER_NAME = "HTTP_X_UNICORN"
+    actual = unicorn_scripts()
+
+    assert actual["CSRF_HEADER_NAME"] == "X-UNICORN"