- **status**: in-progress --> review - **Comment**: Closed #819. Force-pushed `ib/7685`
I changed it to ajax, but there are still some improvements needed that I wanted to discuss with you beforehand. Firstly, in allura theme we don't have separate icons for "subscribed" and "unsubscribed" state. So it seems to user that nothing changes, when she clicks "Subscribe/unsubscribe" button. SF theme does not have this problem, since we're using font for icons and "active" styles actually work there (blue text-shadow). I think we should use Font Awesome or something instead of sprites on allura theme also. Probably will need another ticket for that. Or at least have separate sprites for different states. Secondly, there're no any feedback when subscribe request is in progress, i.e. immediately after click. I have tried to use a little spinner for that, but there are gradient on the background and a spinner with transparent background looks ugly on such scale. Do you have some ideas what we can use to indicate request progress? Maybe some css transition to scale or spin the icon? Thirdly, we have one confusing use case for subscriptions. Let's suppose user is subscribed to entire tracker and then he tries to subscribe to the individual ticket in this tracker. He will **not** be subscribed to the ticket, since he already has subscription for entire tool, so even if we would fix my first and second point above, user will see that nothing changed, and that's also confusing. I'm thinking we should show some kind of message in that case to clear things up. It could be tooltip-like message above the subscription icon or something like flash message in the top right corner. What do you think? --- ** [tickets:#7685] Subscribe/unsubscribe action should use POST** **Status:** review **Milestone:** unreleased **Labels:** 42cc sf-current sf-2 **Created:** Tue Sep 16, 2014 05:35 AM UTC by Igor Bondarenko **Last Updated:** Thu Jul 09, 2015 01:03 PM UTC **Owner:** Igor Bondarenko Currently all of subscribe/unsubscribe buttons (in the topbar of any tool's page and in the wiki sidebar) are using GET to make an action. Their should require POST to avoid CSRF. See also discussion at [#4905] --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
