changeset 4992:569199be3475

javascript: provide secure_form compatible _authentication_token in all AJAX POSTs
_authentication_token is introduced as a global javascript variable. That seems less ugly than passing it through as parameter everywhere ... and the token really _is_ a global thing.
author Mads Kiilerich <madski@unity3d.com>
date Tue, 07 Apr 2015 03:30:05 +0200
parents aef21d16a262
children 0efca3ad8467
files kallithea/lib/helpers.py kallithea/public/js/base.js kallithea/templates/base/root.html
diffstat 3 files changed, 6 insertions(+), 2 deletions(-) [+]
--- a/kallithea/lib/helpers.py	Fri Mar 27 16:25:27 2015 +0100
+++ b/kallithea/lib/helpers.py	Tue Apr 07 03:30:05 2015 +0200
@@ -43,7 +43,7 @@
     js_obfuscate, mail_to, strip_links, strip_tags, tag_re
 from webhelpers.number import format_byte_size, format_bit_size
 from webhelpers.pylonslib import Flash as _Flash
-from webhelpers.pylonslib.secure_form import secure_form as form
+from webhelpers.pylonslib.secure_form import secure_form as form, authentication_token
 from webhelpers.text import chop_at, collapse, convert_accented_entities, \
     convert_misc_entities, lchop, plural, rchop, remove_formatting, \
     replace_whitespace, urlify, truncate, wrap_paragraphs
--- a/kallithea/public/js/base.js	Fri Mar 27 16:25:27 2015 +0100
+++ b/kallithea/public/js/base.js	Tue Apr 07 03:30:05 2015 +0200
@@ -391,6 +391,7 @@
 };
 
 var ajaxPOST = function(url, postData, success, failure) {
+    postData['_authentication_token'] = _authentication_token;
     var postData = _toQueryString(postData);
     if(failure === undefined) {
         failure = function(jqXHR, textStatus, errorThrown) {
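Review bot: `postData['_authentication_token'] = _authentication_token;` writes the token into the object the caller passed in, and it throws a TypeError before any request is made if a caller passes no data. Copying first avoids both: `postData = $.extend({}, postData, {'_authentication_token': _authentication_token});`. Since the token is added for whatever `url` is given, it is worth confirming that no caller passes a cross-origin URL, which would disclose the token to another site; callers are not visible in this hunk. ajaxPOST's body continues outside the hunk.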
@@ -460,6 +461,7 @@
 
 var toggleFollowingRepo = function(target, follows_repo_id){
     var args = 'follows_repo_id=' + follows_repo_id;
+    args += '&amp;_authentication_token=' + _authentication_token;
     $.post(TOGGLE_FOLLOW_URL, args, function(data){
             _onSuccessFollow(target);
         });
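Review bot: The separator added in toggleFollowingRepo is the HTML entity `&amp;`, which is not decoded inside a JavaScript string, so (assuming the entity is really in base.js and is not an artefact of how this page was rendered) the body sent is `follows_repo_id=…&amp;_authentication_token=…` and the server parses a parameter named `amp;_authentication_token` instead of the token. A secure_form check on that endpoint would then reject the request, or, where the check is not enforced, the missing token would go unnoticed. The token is also concatenated without `encodeURIComponent`, here and in the `var args = '_authentication_token=' + _authentication_token;` line of the showRepoSize hunk below. Passing an object lets jQuery do the encoding: `$.post(TOGGLE_FOLLOW_URL, {follows_repo_id: follows_repo_id, _authentication_token: _authentication_token}, function(data){`. Both functions continue outside their hunks.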
@@ -467,7 +469,7 @@
 };
 
 var showRepoSize = function(target, repo_name){
-    var args = '';
+    var args = '_authentication_token=' + _authentication_token;
 
     if(!$("#" + target).hasClass('loaded')){
         $("#" + target).html(_TM['Loading ...']);
--- a/kallithea/templates/base/root.html	Fri Mar 27 16:25:27 2015 +0100
+++ b/kallithea/templates/base/root.html	Tue Apr 07 03:30:05 2015 +0200
@@ -55,6 +55,8 @@
             %if hasattr(c, 'repo_name'):
                 var REPO_NAME = "${c.repo_name}";
             %endif
+
+            var _authentication_token = "${h.authentication_token()}";
         </script>
         <script type="text/javascript" src="${h.url('/js/yui.2.9.js', ver=c.kallithea_version)}"></script>
         <script type="text/javascript" src="${h.url('/js/jquery-1.11.1.min.js', ver=c.kallithea_version)}"></script>
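Review bot: The token is written straight into a JavaScript string literal by `var _authentication_token = "${h.authentication_token()}";`, so whatever escaping the template applies by default is HTML-oriented rather than JavaScript-oriented. That is only safe while the token can never contain a quote, a backslash or a `</script>` sequence, which this hunk does not show. Emitting the value through a JavaScript/JSON string encoder would remove that dependency, and a comment such as `// CSRF token for AJAX POSTs; must match the secure_form session token` would document the global. Because the token now appears in every page rendered from root.html, those responses should not be stored by shared caches; whether the existing cache headers already ensure that is not visible here.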