Currently in Patchwork, requests are made only through older methods via form submissions, which means the UI is rendered strictly server-side. This lags behind more modern and versatile approaches that use JavaScript to send requests and dynamically update the UI based on the respective responses.
In order to make REST API requests on the client-side secure from CSRF attacks, add the JS Cookie library which allows the CSRF token to be passed in the request header. A following patch that introduces the `rest.js` module will make use of the JS Cookie library in this patch. The library is a recommendation from Django docs [1]. The files for the library can be downloaded in the releases page of the GitHub [2]. [1] https://docs.djangoproject.com/en/3.2/ref/csrf/#ajax [2] https://github.com/js-cookie/js-cookie/releases Signed-off-by: Raxel Gutierrez <ra...@google.com> --- htdocs/README.rst | 9 +++++++++ htdocs/js/js.cookie.min.js | 2 ++ templates/base.html | 1 + 3 files changed, 12 insertions(+) create mode 100644 htdocs/js/js.cookie.min.js diff --git a/htdocs/README.rst b/htdocs/README.rst index 62f15c23..128dc7c2 100644 --- a/htdocs/README.rst +++ b/htdocs/README.rst @@ -122,6 +122,15 @@ js :GitHub: jQuery plug-in to drag and drop rows in HTML tables :Version: ??? +``js.cookie.min.js`` + + Library used to handle cookies. + + This is used to get the ``csrftoken`` cookie for AJAX requests in JavaScript. + + :GitHub: https://github.com/js-cookie/js-cookie/ + :Version: 3.0.0 + ``selectize.min.js`` Selectize is the hybrid of a ``textbox`` and ``<select>`` box. It's jQuery diff --git a/htdocs/js/js.cookie.min.js b/htdocs/js/js.cookie.min.js new file mode 100644 index 00000000..63fc3ef9 --- /dev/null +++ b/htdocs/js/js.cookie.min.js @@ -0,0 +1,2 @@ +/*! js-cookie v3.0.0 | MIT */ +!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self,function(){var n=e.Cookies,r=e.Cookies=t();r.noConflict=function(){return e.Cookies=n,r}}())}(this,(function(){"use strict";function e(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)e[r]=n[r]}return e}var t={read:function(e){return e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}};return function n(r,o){function i(t,n,i){if("undefined"!=typeof document){"number"==typeof(i=e({},o,i)).expires&&(i.expires=new Date(Date.now()+864e5*i.expires)),i.expires&&(i.expires=i.expires.toUTCString()),t=encodeURIComponent(t).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape),n=r.write(n,t);var c="";for(var u in i)i[u]&&(c+="; "+u,!0!==i[u]&&(c+="="+i[u].split(";")[0]));return document.coo kie=t+"="+n+c}}return Object.create({set:i,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},i=0;i<n.length;i++){var c=n[i].split("="),u=c.slice(1).join("=");'"'===u[0]&&(u=u.slice(1,-1));try{var f=t.read(c[0]);if(o[f]=r.read(u,f),e===f)break}catch(e){}}return e?o[e]:o}},remove:function(t,n){i(t,"",e({},n,{expires:-1}))},withAttributes:function(t){return n(this.converter,e({},this.attributes,t))},withConverter:function(t){return n(e({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(o)},converter:{value:Object.freeze(r)}})}(t,{path:"/"})})); diff --git a/templates/base.html b/templates/base.html index a9d0906b..5d4349dd 100644 --- a/templates/base.html +++ b/templates/base.html @@ -21,6 +21,7 @@ <script src="{% static "js/bootstrap.min.js" %}"></script> <script src="{% static "js/selectize.min.js" %}"></script> <script src="{% static "js/clipboard.min.js" %}"></script> + <script src="{% static "js/js.cookie.min.js" %}"></script> <script> $(document).ready(function() { new Clipboard(document.querySelectorAll('button.btn-copy')); -- 2.33.0.rc1.237.g0d66db33f3-goog _______________________________________________ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork
