Changeset - 569199be3475
[Not reviewed]
default
0 3 0
Mads Kiilerich - 11 years ago 2015-04-07 03:30:05
madski@unity3d.com
javascript: provide secure_form compatible_authentication_token in all AJAX POSTs

_authentication_token is introduced as a global javascript variable. That seems
less ugly than passing it through as parameter everywhere ... and the token
really _is_ a global thing.
3 files changed with 6 insertions and 2 deletions:
kallithea/lib/helpers.py
 
@@ -40,13 +40,13 @@ from webhelpers.html.tags import auto_di
 
    link_to_if, link_to_unless, ol, required_legend, select, stylesheet_link, \
 
    submit, text, password, textarea, title, ul, xml_declaration, radio
 
from webhelpers.html.tools import auto_link, button_to, highlight, \
 
    js_obfuscate, mail_to, strip_links, strip_tags, tag_re
 
from webhelpers.number import format_byte_size, format_bit_size
 
from webhelpers.pylonslib import Flash as _Flash
 
from webhelpers.pylonslib.secure_form import secure_form as form
 
from webhelpers.pylonslib.secure_form import secure_form as form, authentication_token
 
from webhelpers.text import chop_at, collapse, convert_accented_entities, \
 
    convert_misc_entities, lchop, plural, rchop, remove_formatting, \
 
    replace_whitespace, urlify, truncate, wrap_paragraphs
 
from webhelpers.date import time_ago_in_words
 
from webhelpers.paginate import Page as _Page
 
from webhelpers.html.tags import _set_input_attrs, _set_id_attr, \
kallithea/public/js/base.js
 
@@ -388,12 +388,13 @@ var ajaxGET = function(url,success) {
 
                alert("Ajax GET error: " + textStatus);
 
        })
 
        ;
 
};
 

	
 
var ajaxPOST = function(url, postData, success, failure) {
 
    postData['_authentication_token'] = _authentication_token;
 
    var postData = _toQueryString(postData);
 
    if(failure === undefined) {
 
        failure = function(jqXHR, textStatus, errorThrown) {
 
                if (textStatus != "abort")
 
                    alert("Error posting to server: " + textStatus);
 
            };
 
@@ -457,20 +458,21 @@ var _onSuccessFollow = function(target){
 
        }
 
    }
 
}
 

	
 
var toggleFollowingRepo = function(target, follows_repo_id){
 
    var args = 'follows_repo_id=' + follows_repo_id;
 
    args += '&_authentication_token=' + _authentication_token;
 
    $.post(TOGGLE_FOLLOW_URL, args, function(data){
 
            _onSuccessFollow(target);
 
        });
 
    return false;
 
};
 

	
 
var showRepoSize = function(target, repo_name){
 
    var args = '';
 
    var args = '_authentication_token=' + _authentication_token;
 

	
 
    if(!$("#" + target).hasClass('loaded')){
 
        $("#" + target).html(_TM['Loading ...']);
 
        var url = pyroutes.url('repo_size', {"repo_name":repo_name});
 
        $.post(url, args, function(data) {
 
            $("#" + target).html(data);
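Review bot: In toggleFollowingRepo and showRepoSize the request body is assembled by string concatenation (`'&_authentication_token=' + _authentication_token`), so neither the token nor follows_repo_id is URL-encoded, and the token handling is now repeated in three places. Passing an object lets jQuery serialize and encode the fields, e.g. `$.post(TOGGLE_FOLLOW_URL, {follows_repo_id: follows_repo_id, _authentication_token: _authentication_token}, function(data){ ... })` and `var args = {_authentication_token: _authentication_token};` in showRepoSize. In ajaxPOST the added line writes into the caller's postData object and throws a TypeError if a caller passes none; whether any caller does is not visible here. ajaxPOST and showRepoSize continue outside the hunks shown.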
kallithea/templates/base/root.html
 
@@ -52,12 +52,14 @@
 
            var TOGGLE_FOLLOW_URL  = "${h.url('toggle_following')}";
 

	
 
            var REPO_NAME = "";
 
            %if hasattr(c, 'repo_name'):
 
                var REPO_NAME = "${c.repo_name}";
 
            %endif
 

	
 
            var _authentication_token = "${h.authentication_token()}";
 
        </script>
 
        <script type="text/javascript" src="${h.url('/js/yui.2.9.js', ver=c.kallithea_version)}"></script>
 
        <script type="text/javascript" src="${h.url('/js/jquery-1.11.1.min.js', ver=c.kallithea_version)}"></script>
 
        <script type="text/javascript" src="${h.url('/js/bootstrap.js', ver=c.kallithea_version)}"></script>
 
        <script type="text/javascript" src="${h.url('/js/select2/select2.js', ver=c.kallithea_version)}"></script>
 
        <script type="text/javascript" src="${h.url('/js/mousetrap.js', ver=c.kallithea_version)}"></script>
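Review bot: The new `_authentication_token` global has no comment at its definition, and it is written into a JavaScript string literal with the template's ordinary `${...}` substitution, which presumably escapes for HTML rather than for a script context. That is harmless only while the token consists of characters that are safe inside a double-quoted JS string, which this hunk does not show, so the assumption is worth recording next to the line, e.g. `// CSRF token for secure_form POSTs; read by ajaxPOST, toggleFollowingRepo and showRepoSize in base.js`. Because the token is now inlined into every page rendered from this template, those responses should not be stored by shared caches; the cache headers are set outside this hunk. The script block begins before the hunk.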