diff --git a/kallithea/lib/helpers.py b/kallithea/lib/helpers.py
--- a/kallithea/lib/helpers.py
+++ b/kallithea/lib/helpers.py
@@ -43,7 +43,7 @@ from webhelpers.html.tools import auto_l
js_obfuscate, mail_to, strip_links, strip_tags, tag_re
from webhelpers.number import format_byte_size, format_bit_size
from webhelpers.pylonslib import Flash as _Flash
-from webhelpers.pylonslib.secure_form import secure_form as form
+from webhelpers.pylonslib.secure_form import secure_form as form, authentication_token
from webhelpers.text import chop_at, collapse, convert_accented_entities, \
convert_misc_entities, lchop, plural, rchop, remove_formatting, \
replace_whitespace, urlify, truncate, wrap_paragraphs
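Review bot: Nothing visible in helpers.py uses the newly imported `authentication_token`; it appears to be imported only so templates can reach it as `h.authentication_token()`, as root.html does in this commit. A trailing comment such as `# re-exported for templates: CSRF token for forms and AJAX POSTs` would stop a later unused-import cleanup from removing it and silently breaking every page that renders the token. It is also worth confirming how webhelpers generates the token value, since the protection is only as strong as that value is unpredictable.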
diff --git a/kallithea/public/js/base.js b/kallithea/public/js/base.js
--- a/kallithea/public/js/base.js
+++ b/kallithea/public/js/base.js
@@ -391,6 +391,7 @@ var ajaxGET = function(url,success) {
};
var ajaxPOST = function(url, postData, success, failure) {
+ postData['_authentication_token'] = _authentication_token;
var postData = _toQueryString(postData);
if(failure === undefined) {
failure = function(jqXHR, textStatus, errorThrown) {
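Review bot: The added `postData['_authentication_token'] = _authentication_token;` at the top of ajaxPOST writes into the caller's object and assumes `postData` is a defined object. A caller that passes nothing would throw on this line before the request is built, and a caller that reuses its object keeps the token in it afterwards. Copying first, e.g. `postData = $.extend({}, postData, {'_authentication_token': _authentication_token});`, avoids both. The line also depends on the global that root.html defines, so any page that loads base.js without that template would hit a ReferenceError here; a short comment naming where `_authentication_token` comes from would help. ajaxPOST's body continues outside the hunk.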
@@ -460,6 +461,7 @@ var _onSuccessFollow = function(target){
var toggleFollowingRepo = function(target, follows_repo_id){
var args = 'follows_repo_id=' + follows_repo_id;
+ args += '&_authentication_token=' + _authentication_token;
$.post(TOGGLE_FOLLOW_URL, args, function(data){
_onSuccessFollow(target);
});
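Review bot: The token is spliced into the request body by plain string concatenation in `args += '&_authentication_token=' + _authentication_token;`, and again in showRepoSize in the next hunk, so neither site URL-encodes the value. The parameter name is now also a repeated literal across base.js. The token is presumably a simple numeric or alphanumeric string, so encoding is unlikely to matter today, but `args += '&_authentication_token=' + encodeURIComponent(_authentication_token);` keeps both sites correct if the token format ever changes. A single helper or constant for the parameter name would keep these call sites and ajaxPOST from drifting apart. A comment noting that the server rejects the POST without this field would explain why showRepoSize now sends a body at all.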
@@ -467,7 +469,7 @@ var toggleFollowingRepo = function(targe
};
var showRepoSize = function(target, repo_name){
- var args = '';
+ var args = '_authentication_token=' + _authentication_token;
if(!$("#" + target).hasClass('loaded')){
$("#" + target).html(_TM['Loading ...']);
diff --git a/kallithea/templates/base/root.html b/kallithea/templates/base/root.html
--- a/kallithea/templates/base/root.html
+++ b/kallithea/templates/base/root.html
@@ -55,6 +55,8 @@
%if hasattr(c, 'repo_name'):
var REPO_NAME = "${c.repo_name}";
%endif
+
+ var _authentication_token = "${h.authentication_token()}";