Validate timezone data from client side before setting the cookie (#104)
alexkiro authored Sep 4, 2024
1 parent 08c39d3 commit eb0b376
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion digital_agenda/apps/core/views/misc.py
@@ -1,5 +1,8 @@
import zoneinfo

from constance import config
from django.conf import settings
from django.http import HttpResponseBadRequest
from django.utils.decorators import method_decorator
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import ensure_csrf_cookie
@@ -32,10 +35,15 @@ class SetTimezoneView(APIView):
permission_classes = (AllowAny,)

def post(self, request, *args, **kwargs):
try:
zone = zoneinfo.ZoneInfo(request.data["timezone"])
except zoneinfo.ZoneInfoNotFoundError:
return HttpResponseBadRequest()

response = Response(status=HTTP_204_NO_CONTENT)
response.set_cookie(
settings.TIMEZONE_COOKIE,
request.data["timezone"],
zone.key,
secure=settings.HAS_HTTPS,
samesite="strict",
)
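Review bot: The `except zoneinfo.ZoneInfoNotFoundError` clause in `post` covers only one of the ways this lookup fails on client-supplied data, so a request to this `AllowAny` view can still end in an unhandled exception instead of a 400. A body without a `timezone` field raises a plain `KeyError` from `request.data["timezone"]`, and `ZoneInfo` raises `ValueError` for a key that is not a normalized relative path (absolute, or containing `..`); a non-string JSON value presumably raises `TypeError`. Since `ZoneInfoNotFoundError` is a `KeyError` subclass, `except (KeyError, ValueError, TypeError):` would route all of these to the same `HttpResponseBadRequest()`. The rest of `post` lies outside this section, so whether anything after `set_cookie` needs the same treatment cannot be judged from here.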