betodealmeida commented on a change in pull request #5524: A tagging system for
dashboards, charts and queries
URL:
https://github.com/apache/incubator-superset/pull/5524#discussion_r207615765
##########
File path: superset/assets/src/dashboard/components/Header.jsx
##########
@@ -6,12 +6,21 @@ import HeaderActionsDropdown from './HeaderActionsDropdown';
import EditableTitle from '../../components/EditableTitle';
import Button from '../../components/Button';
import FaveStar from '../../components/FaveStar';
+import ObjectTags from '../../components/ObjectTags';
import UndoRedoKeylisteners from './UndoRedoKeylisteners';
+import {
+ addTag,
+ deleteTag,
+ fetchSuggestions,
+ fetchTags,
+} from '../../welcome/Tags';
import { chartPropShape } from '../util/propShapes';
import { t } from '../../locales';
import { UNDO_LIMIT, SAVE_TYPE_OVERWRITE } from '../util/constants';
+const CSRF_TOKEN = (document.getElementById('csrf_token') || {}).value;
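Review bot: the added `const CSRF_TOKEN = (document.getElementById('csrf_token') || {}).value;` line is evaluated once at module import and silently yields `undefined` when no `csrf_token` element is in the DOM, so any request that uses the constant would fail only on the server side. Consider reading the element inside a small helper at request time and handling the missing case explicitly. The lookup would also sit more naturally next to `addTag`, `deleteTag`, `fetchSuggestions` and `fetchTags` in `../../welcome/Tags` than as a module-level constant in `Header.jsx`, and the declaration should be separated from the import block by a blank line.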
Review comment:
@mistercrunch, I'm not sure how to avoid doing this. It seems to be in line
with [the docs for CSRF in
Flask](http://flask-wtf.readthedocs.io/en/stable/csrf.html#javascript-requests):
the token is only present in the DOM if the user is authenticated (since it's
added by the template), so my understanding is that it should be fine. And the
token is already there in the DOM at this point; assigning it to `CSRF_TOKEN`
here is just a shortcut.
I looked at other AJAX requests in Superset. They're using jQuery after
calling `initJQueryAjax`, which also loads the token into a `$.settings` so it
can be reused in all subsequent requests.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
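The approach discussed in the comment above, as an added example that is not part of the original message or the Superset code base: the token is read from the `csrf_token` element (the id used in the diff) at request time and attached as `X-CSRFToken`, the header Flask-WTF checks, only on state-changing same-origin requests. The function names and the `superset.example` origin are hypothetical, and the fake document is constructed so the block runs under Node.

```javascript
// Added example; function names are hypothetical, not Superset's API.
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;

// Read the token when a request is built, so a missing element is detected
// per request instead of being frozen as `undefined` at module load.
function readCsrfToken(doc) {
  const el = doc.getElementById('csrf_token');
  return el && el.value ? el.value : null;
}

// Build fetch() options. The token is attached only to non-safe methods and
// only when the target shares the page's origin, so it never leaves the site.
function csrfRequestInit(url, init, doc, pageOrigin) {
  const method = (init.method || 'GET').toUpperCase();
  const headers = Object.assign({}, init.headers);
  const sameOrigin =
    new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;

  if (!SAFE_METHODS.test(method) && sameOrigin) {
    const token = readCsrfToken(doc);
    if (token === null) {
      // Fail in the client with a clear message rather than sending a
      // request the server will reject.
      throw new Error('csrf_token element not found in the page');
    }
    headers['X-CSRFToken'] = token;
  }
  return Object.assign({}, init, { method, headers, credentials: 'same-origin' });
}

// Constructed stand-in for the rendered page's DOM (assumption for testing).
function fakeDocument(tokenValue) {
  return {
    getElementById: (id) =>
      id === 'csrf_token' && tokenValue !== undefined
        ? { value: tokenValue }
        : null,
  };
}

// In a browser this would be used as:
//   fetch(url, csrfRequestInit(url, { method: 'POST' }, document,
//                              window.location.origin));
```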