Mercurial > kallithea
changeset 4992:569199be3475
javascript: provide secure_form compatible_authentication_token in all AJAX POSTs
_authentication_token is introduced as a global javascript variable. That seems
less ugly than passing it through as parameter everywhere ... and the token
really _is_ a global thing.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Tue, 07 Apr 2015 03:30:05 +0200 |
parents | aef21d16a262 |
children | 0efca3ad8467 |
files | kallithea/lib/helpers.py kallithea/public/js/base.js kallithea/templates/base/root.html |
diffstat | 3 files changed, 6 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/helpers.py Fri Mar 27 16:25:27 2015 +0100 +++ b/kallithea/lib/helpers.py Tue Apr 07 03:30:05 2015 +0200 @@ -43,7 +43,7 @@ js_obfuscate, mail_to, strip_links, strip_tags, tag_re from webhelpers.number import format_byte_size, format_bit_size from webhelpers.pylonslib import Flash as _Flash -from webhelpers.pylonslib.secure_form import secure_form as form +from webhelpers.pylonslib.secure_form import secure_form as form, authentication_token from webhelpers.text import chop_at, collapse, convert_accented_entities, \ convert_misc_entities, lchop, plural, rchop, remove_formatting, \ replace_whitespace, urlify, truncate, wrap_paragraphs
--- a/kallithea/public/js/base.js Fri Mar 27 16:25:27 2015 +0100 +++ b/kallithea/public/js/base.js Tue Apr 07 03:30:05 2015 +0200 @@ -391,6 +391,7 @@ }; var ajaxPOST = function(url, postData, success, failure) { + postData['_authentication_token'] = _authentication_token; var postData = _toQueryString(postData); if(failure === undefined) { failure = function(jqXHR, textStatus, errorThrown) { @@ -460,6 +461,7 @@ var toggleFollowingRepo = function(target, follows_repo_id){ var args = 'follows_repo_id=' + follows_repo_id; + args += '&_authentication_token=' + _authentication_token; $.post(TOGGLE_FOLLOW_URL, args, function(data){ _onSuccessFollow(target); }); @@ -467,7 +469,7 @@ }; var showRepoSize = function(target, repo_name){ - var args = ''; + var args = '_authentication_token=' + _authentication_token; if(!$("#" + target).hasClass('loaded')){ $("#" + target).html(_TM['Loading ...']);
--- a/kallithea/templates/base/root.html Fri Mar 27 16:25:27 2015 +0100 +++ b/kallithea/templates/base/root.html Tue Apr 07 03:30:05 2015 +0200 @@ -55,6 +55,8 @@ %if hasattr(c, 'repo_name'): var REPO_NAME = "${c.repo_name}"; %endif + + var _authentication_token = "${h.authentication_token()}"; </script> <script type="text/javascript" src="${h.url('/js/yui.2.9.js', ver=c.kallithea_version)}"></script> <script type="text/javascript" src="${h.url('/js/jquery-1.11.1.min.js', ver=c.kallithea_version)}"></script>