On Tue, 2021-08-17 at 21:33 +0000, Raxel Gutierrez wrote:
> Currently in Patchwork, requests are made only through older methods via
> form submissions, which means the UI is rendered strictly server-side.
> This lags behind more modern and versatile approaches that use
> JavaScript to send requests and dynamically update the UI based on the
> respective responses.
> 
> In order to make REST API requests on the client-side secure from CSRF
> attacks, add the JS Cookie library which allows the CSRF token to be
> passed in the request header. A following patch that introduces the
> `rest.js` module will make use of the JS Cookie library in this patch.
> 
> The library is a recommendation from Django docs [1]. The files for the
> library can be downloaded in the releases page of the GitHub [2].
> 
> [1] https://docs.djangoproject.com/en/3.2/ref/csrf/#ajax
> [2] https://github.com/js-cookie/js-cookie/releases
> 
> Signed-off-by: Raxel Gutierrez <ra...@google.com>
> Reviewed-by: Daniel Axtens <dja at axtens.net>

As Daniel noted elsewhere, I needed to add the file manually due to the munging
that Mailman or some other component in the email pipeline is introducing but
otherwise this was fine.

Reviewed-by: Stephen Finucane <step...@that.guru>

and applied, since it seems obvious we'll be using it in one form or another and
we can revert this if not.

Cheers,
Stephen

_______________________________________________
Patchwork mailing list
Patchwork@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/patchwork
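
The header-based CSRF flow the commit message describes, as an added example (not code from the patch or from Patchwork's `rest.js`). `getCookie` is a hypothetical stand-in for js-cookie's `Cookies.get` so the block runs outside a browser, `buildRequestInit`, the origins and the token value are constructed, and `csrftoken` / `X-CSRFToken` are Django's default cookie and header names.

```javascript
// Added example. Function names, origins and the cookie string are constructed for illustration.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Stand-in for js-cookie's Cookies.get(name): read one cookie from a
// document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq === -1) continue;
    if (pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return undefined;
}

// Build the options object for fetch(). The token is attached only to
// state-changing requests aimed at the page's own origin, so it is never
// sent to another site, and a missing token fails closed.
function buildRequestInit(method, url, pageOrigin, cookieString, body) {
  const verb = method.toUpperCase();
  const headers = {};
  const target = new URL(url, pageOrigin);
  const sameOrigin = target.origin === new URL(pageOrigin).origin;

  if (!SAFE_METHODS.has(verb) && sameOrigin) {
    const token = getCookie(cookieString, 'csrftoken');
    if (!token) {
      throw new Error('CSRF cookie missing; refusing to send ' + verb);
    }
    headers['X-CSRFToken'] = token;
  }

  const init = { method: verb, headers, credentials: 'same-origin' };
  if (body !== undefined) {
    headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(body);
  }
  return init;
}

// Constructed sample input, shaped like document.cookie.
const SAMPLE_COOKIES = 'sessionid=constructed-session; csrftoken=CONSTRUCTED-TOKEN-123';
const PAGE_ORIGIN = 'https://patchwork.example.test';
```

If the Django deployment sets `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS`, the cookie is not readable from JavaScript and the token has to be taken from the rendered page instead.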
