Hi, Raxel Gutierrez wrote:
> As per Django docs[1], the library is useful to add csrftoken when > making AJAX requests in JavaScript. More details in the README GitHub > link provided. > > [1] https://docs.djangoproject.com/en/3.2/ref/csrf/#ajax > > Signed-off-by: Raxel Gutierrez <ra...@google.com> > --- The first thing I wonder when looking at the description above is "why wasn't this needed before"? There are no existing users of document.cookie in patchwork. Is the point that all existing code uses {% csrf_token %} in forms generated by the server instead of dynamically generated requests? If so, makes sense. [...] > --- /dev/null > +++ b/htdocs/js/js.cookie-2.2.1.min.js > @@ -0,0 +1,3 @@ > +/*! js-cookie v2.2.1 | MIT */ How do we decide between this going in lib/packages/ versus htdocs/js/? (That's a genuine question --- I don't understand patchwork's current split. Is the idea that lib/packages/ is supposed to contain a package with a README and htdocs/js/ is supposed to contain symlinks to there?) [...] > --- a/templates/base.html > +++ b/templates/base.html > @@ -21,6 +21,7 @@ > <script src="{% static "js/bootstrap.min.js" %}"></script> > <script src="{% static "js/selectize.min.js" %}"></script> > <script src="{% static "js/clipboard.min.js" %}"></script> > + <script src="{% static "js/js.cookie-2.2.1.min.js" %}"></script> Should this use an unversioned URL like the rest of these? Also, how do we decide between putting this in base.html (i.e., all pages) versus specific pages making requests that need a csrf token? The script is small enough that it shouldn't make a difference, but asking anyway because I am curious. Thanks, Jonathan _______________________________________________ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork
