
no csrf token when saving (mercury, CLOSED)

jejacks0n commented on August 23, 2024
no csrf token when saving

from mercury.

Comments (5)

jejacks0n commented on August 23, 2024

Yes, you're right. So Rails includes a JavaScript file that puts this into every Ajax request, so it wasn't needed for Rails. Your solution is pretty spot on though, and if you're interested I'll work with you on getting it into the CoffeeScript proper so it'll build properly for you with this included.

I agree that this should be built into Mercury so that JavaScript file isn't required -- to support other frameworks better.

from mercury.

lvanderree commented on August 23, 2024

Hi Jeremy,

That would be great! I am taking a look at CoffeeScript as well so I can provide you with real patches in the future.

from mercury.

jejacks0n commented on August 23, 2024

I updated this to be a little easier. Instead of overriding save, you should be able to do it with just configuration now. I added two configuration options: one for where to find the token, and one for the header with which to give it back to the server.

You should be able to do this now:
Change Mercury.config.csrfSelector to match what your framework outputs.
Change Mercury.config.csrfHeader to match what your framework expects.

If that doesn't cover all your needs, there's a new method in PageEditor. #saveHeaders is expected to return an object of any headers you'd like to include in the save Ajax request. By default it uses what you've configured, but you're free to change that however you'd like based on need.

Mercury.PageEditor.prototype.saveHeaders = function() {
  return {'X-CSRF': '[the_token]'};
};

from mercury.

lvanderree commented on August 23, 2024

Absolutely brilliant!

I think I found one error though: you forgot to make use of Mercury.config.csrfHeader for the upload method.

I changed

  if (token = jQuery(Mercury.config.csrfSelector).attr('content')) {
    Mercury.csrfToken = token;
  }

to

  if (token = jQuery(Mercury.config.csrfSelector).attr('content')) {
    Mercury.csrfToken = token;
    Mercury.csrfTag = Mercury.config.csrfHeader;
  }

and

  xhr.setRequestHeader('X-CSRF-Token', Mercury.csrfToken);

to

  xhr.setRequestHeader(Mercury.csrfTag, Mercury.csrfToken);

from mercury.

jejacks0n commented on August 23, 2024

Right, right.. good catch.

from mercury.
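
An added sketch, not Mercury's code and not written by either commenter, of the point the thread converges on: the save and upload requests should both take the CSRF header name from one configured place. Only csrfSelector and csrfHeader come from the thread; the helper names, the stand-in document and XHR objects, and the sample selector, header and token values are constructed.

```javascript
// Added example, not Mercury's source. Only csrfSelector and csrfHeader come
// from the thread; every other name here is hypothetical.

// Token lookup: null when the tag is missing or its content is empty.
function readCsrfToken(doc, cfg) {
  const el = doc.querySelector(cfg.csrfSelector);
  const token = el ? el.getAttribute('content') : null;
  return token || null;
}

// One place decides the header name, so save and upload cannot disagree.
// No token means no header at all, never the string "undefined" or "null".
function csrfHeaders(doc, cfg) {
  const token = readCsrfToken(doc, cfg);
  return token ? { [cfg.csrfHeader]: token } : {};
}

// Save path: headers object handed to the Ajax call.
function saveHeaders(doc, cfg) {
  return { 'Content-Type': 'application/json', ...csrfHeaders(doc, cfg) };
}

// Upload path: the same headers applied to a raw XHR-like object.
function applyUploadHeaders(xhr, doc, cfg) {
  for (const [name, value] of Object.entries(csrfHeaders(doc, cfg))) {
    xhr.setRequestHeader(name, value);
  }
  return xhr;
}

// Constructed stand-ins for document and XMLHttpRequest so this runs in Node.
function fakeDocument(metaContentBySelector) {
  return {
    querySelector(sel) {
      if (!(sel in metaContentBySelector)) return null;
      return { getAttribute: () => metaContentBySelector[sel] };
    },
  };
}
function fakeXhr() {
  return { sent: {}, setRequestHeader(n, v) { this.sent[n] = v; } };
}

// Constructed configuration for a framework that expects a non-Rails header.
const cfg = { csrfSelector: 'meta[name="_csrf"]', csrfHeader: 'X-XSRF-TOKEN' };
const page = fakeDocument({ 'meta[name="_csrf"]': 'constructed-token-123' });
console.log(saveHeaders(page, cfg));
console.log(applyUploadHeaders(fakeXhr(), page, cfg).sent);
console.log(saveHeaders(fakeDocument({}), cfg)); // no tag: no CSRF header
```

A request that goes out without the header should be rejected by the server's CSRF check, which is easier to diagnose than a request carrying a stale or mismatched header name.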
