Raxel Gutierrez <ra...@google.com> writes: > Currently in Patchwork, requests are made only through older methods via > form submissions, which means the UI is rendered strictly server-side. > This lags behind more modern and versatile approaches that use > JavaScript to send requests and dynamically update the UI based on the > respective responses. > > In order to make REST API requests on the client-side secure from CSRF > attacks, add the JS Cookie library which allows the CSRF token to be > passed in the request header. A following patch that introduces the > `rest.js` module will make use of the JS Cookie library in this patch. > > The library is a recommendation from Django docs [1]. The files for the > library can be downloaded in the releases page of the GitHub [2]. > > [1] https://docs.djangoproject.com/en/3.2/ref/csrf/#ajax > [2] https://github.com/js-cookie/js-cookie/releases > > Signed-off-by: Raxel Gutierrez <ra...@google.com>
Reviewed-by: Daniel Axtens <d...@axtens.net> I will merge this once we get the bugs fixed in the REST js. Something somewhere in the pipeline is corrupting the JS file so I will replace the js.cookie.min.js with the contents of the v3.0.0 release from the github repo when I merge it - thank you for the link. Kind regards, Daniel > --- > htdocs/README.rst | 9 +++++++++ > htdocs/js/js.cookie.min.js | 2 ++ > templates/base.html | 1 + > 3 files changed, 12 insertions(+) > create mode 100644 htdocs/js/js.cookie.min.js > > diff --git a/htdocs/README.rst b/htdocs/README.rst > index 62f15c23..128dc7c2 100644 > --- a/htdocs/README.rst > +++ b/htdocs/README.rst > @@ -122,6 +122,15 @@ js > :GitHub: jQuery plug-in to drag and drop rows in HTML tables > :Version: ??? > > +``js.cookie.min.js`` > + > + Library used to handle cookies. > + > + This is used to get the ``csrftoken`` cookie for AJAX requests in > JavaScript. > + > + :GitHub: https://github.com/js-cookie/js-cookie/ > + :Version: 3.0.0 > + > ``selectize.min.js`` > > Selectize is the hybrid of a ``textbox`` and ``<select>`` box. It's jQuery > diff --git a/htdocs/js/js.cookie.min.js b/htdocs/js/js.cookie.min.js > new file mode 100644 > index 00000000..63fc3ef9 > --- /dev/null > +++ b/htdocs/js/js.cookie.min.js > @@ -0,0 +1,2 @@ > +/*! js-cookie v3.0.0 | MIT */ > +!function(e,t){"object"==typeof exports&&"undefined"!=typeof > module?module.exports=t():"function"==typeof > define&&define.amd?define(t):(e=e||self,function(){var > n=e.Cookies,r=e.Cookies=t();r.noConflict=function(){return > e.Cookies=n,r}}())}(this,(function(){"use strict";function e(e){for(var > t=1;t<arguments.length;t++){var n=arguments[t];for(var r in > n)e[r]=n[r]}return e}var t={read:function(e){return > e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return > encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}};return > function n(r,o){function i(t,n,i){if("undefined"!=typeof > document){"number"==typeof(i=e({},o,i)).expires&&(i.expires=new > Date(Date.now()+864e5*i.expires)),i.expires&&(i.expires=i.expires.toUTCString()),t=encodeURIComponent(t).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape),n=r.write(n,t);var > c="";for(var u in i)i[u]&&(c+="; > "+u,!0!==i[u]&&(c+="="+i[u].split(";")[0]));return document.c oo > kie=t+"="+n+c}}return > Object.create({set:i,get:function(e){if("undefined"!=typeof > document&&(!arguments.length||e)){for(var > n=document.cookie?document.cookie.split("; "):[],o={},i=0;i<n.length;i++){var > c=n[i].split("="),u=c.slice(1).join("=");'"'===u[0]&&(u=u.slice(1,-1));try{var > f=t.read(c[0]);if(o[f]=r.read(u,f),e===f)break}catch(e){}}return > e?o[e]:o}},remove:function(t,n){i(t,"",e({},n,{expires:-1}))},withAttributes:function(t){return > n(this.converter,e({},this.attributes,t))},withConverter:function(t){return > n(e({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(o)},converter:{value:Object.freeze(r)}})}(t,{path:"/"})})); > diff --git a/templates/base.html b/templates/base.html > index a9d0906b..5d4349dd 100644 > --- a/templates/base.html > +++ b/templates/base.html > @@ -21,6 +21,7 @@ > <script src="{% static "js/bootstrap.min.js" %}"></script> > <script src="{% static "js/selectize.min.js" %}"></script> > <script src="{% static "js/clipboard.min.js" %}"></script> > + <script src="{% static "js/js.cookie.min.js" %}"></script> > <script> > $(document).ready(function() { > new Clipboard(document.querySelectorAll('button.btn-copy')); > -- > 2.33.0.rc1.237.g0d66db33f3-goog > > _______________________________________________ > Patchwork mailing list > Patchwork@lists.ozlabs.org > https://lists.ozlabs.org/listinfo/patchwork _______________________________________________ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork
