sam-thecoder · December 30, 2018 08:22
diff --git a/login-script.js b/login-script.js
 /*CSRF Code */
 function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
 }
 function sameOrigin(url) {
    // test that a given url is a same-origin URL
    // url could be relative or scheme relative or absolute
    var host = document.location.host; // host + port
    var protocol = document.location.protocol;
    var sr_origin = '//' + host;
    var origin = protocol + sr_origin;
    // Allow absolute or scheme relative URLs to same origin
    return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||
        (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||
        // or any other URL that isn't scheme relative or absolute i.e relative.
        !(/^(\/\/|http:|https:).*/.test(url));
 }
 /* End CSRF Code */

 $('#login-form').submit(function(event) {
        event.preventDefault();
 var data = {
            'username': $('#username').val(),
            'password': $('#password').val(),
            'captcha-result': $('#captcha').val(),
            'captcha-ref-id': $('#ref-id').attr('value')
        }
 var csrftoken = $.cookie('csrftoken');
 $.ajax({
            url: "/login-ajax",
            type: "POST",
            dataType: 'json',
            beforeSend: function(xhr, settings) {
                if (!csrfSafeMethod(settings.type) && sameOrigin(settings.url)) {
                    // Send the token to same-origin, relative URLs only.
                    // Send the token only if the method warrants CSRF protection
                    // Using the CSRFToken value acquired earlier
                    xhr.setRequestHeader("X-CSRFToken", csrftoken);
                }
 },
            data: JSON.stringify(data),
            success: function(response){
                if (response['status'] == 'failed') {
                    $('#captcha-img').attr('src', response['captcha-url']);
                    $('#ref-id').attr('value', response['ref-id']);
                    $('.form-error').text(response['error-message']);
                } else if (response['status'] == 'ok') {
                    window.location.replace("/admin/");
                }
 },
            error: function(xhr){
                
            },
 });
        
        /* End Ajax Call */
 });
	/CSRF Code /
	function csrfSafeMethod(method) {
	// these HTTP methods do not require CSRF protection
	return (/^(GET\|HEAD\|OPTIONS\|TRACE)$/.test(method));
	}
	function sameOrigin(url) {
	// test that a given url is a same-origin URL
	// url could be relative or scheme relative or absolute
	var host = document.location.host; // host + port
	var protocol = document.location.protocol;
	var sr_origin = '//' + host;
	var origin = protocol + sr_origin;
	// Allow absolute or scheme relative URLs to same origin
	return (url == origin \|\| url.slice(0, origin.length + 1) == origin + '/') \|\|
	(url == sr_origin \|\| url.slice(0, sr_origin.length + 1) == sr_origin + '/') \|\|
	// or any other URL that isn't scheme relative or absolute i.e relative.
	!(/^(\/\/\|http:\|https:).*/.test(url));
	}
	/* End CSRF Code */

	$('#login-form').submit(function(event) {
	event.preventDefault();
	var data = {
	'username': $('#username').val(),
	'password': $('#password').val(),
	'captcha-result': $('#captcha').val(),
	'captcha-ref-id': $('#ref-id').attr('value')
	}
	var csrftoken = $.cookie('csrftoken');
	$.ajax({
	url: "/login-ajax",
	type: "POST",
	dataType: 'json',
	beforeSend: function(xhr, settings) {
	if (!csrfSafeMethod(settings.type) && sameOrigin(settings.url)) {
	// Send the token to same-origin, relative URLs only.
	// Send the token only if the method warrants CSRF protection
	// Using the CSRFToken value acquired earlier
	xhr.setRequestHeader("X-CSRFToken", csrftoken);
	}
	},
	data: JSON.stringify(data),
	success: function(response){
	if (response['status'] == 'failed') {
	$('#captcha-img').attr('src', response['captcha-url']);
	$('#ref-id').attr('value', response['ref-id']);
	$('.form-error').text(response['error-message']);
	} else if (response['status'] == 'ok') {
	window.location.replace("/admin/");
	}
	},
	error: function(xhr){

	},
	});

	/* End Ajax Call */
	});