[bitbake-devel] [PATCH 6/8] toastergui: add csrf tokens for AJAX calls

Alex DAMIAN alexandru.damian at intel.com
Thu Feb 26 21:41:59 UTC 2015


From: Alexandru DAMIAN <alexandru.damian at intel.com>

This patch adds CSRF tokens in pages using AJAX calls in
order to force Django to generate the CSRF cookie used to
authenticate the call.

Signed-off-by: Alexandru DAMIAN <alexandru.damian at intel.com>
---
 lib/toaster/toastergui/templates/layers.html              | 1 +
 lib/toaster/toastergui/templates/managed_mrb_section.html | 1 +
 lib/toaster/toastergui/templates/projectconf.html         | 1 +
 lib/toaster/toastergui/templates/targets.html             | 1 +
 4 files changed, 4 insertions(+)

diff --git a/lib/toaster/toastergui/templates/layers.html b/lib/toaster/toastergui/templates/layers.html
index 5cfda5b..864e156 100644
--- a/lib/toaster/toastergui/templates/layers.html
+++ b/lib/toaster/toastergui/templates/layers.html
@@ -117,6 +117,7 @@
 
 var tooltipUpdateText;
 
+/* ensure csrf cookie exists {% csrf_token %} */
 function _makeXHREditCall(data, onsuccess, onfail) {
     $.ajax( {
         type: "POST",
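Review bot: The comment added above `_makeXHREditCall` relies on a template-rendering side effect: `{% csrf_token %}` expands to hidden-input markup carrying the token, and it is placed inside a JavaScript comment only so that Django sets the cookie. That breaks silently if the template is rendered without a request context, or if the script is later moved to a static .js file or the comment is removed as dead text. Decorating the views that serve these pages with `@ensure_csrf_cookie` (from `django.views.decorators.csrf`) states the intent on the server side and keeps token markup out of the script body; the same applies to the identical lines added in managed_mrb_section.html, projectconf.html and targets.html. The `$.ajax` call continues outside the hunk, so whether the token is actually sent back in the `X-CSRFToken` header cannot be confirmed from here.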
diff --git a/lib/toaster/toastergui/templates/managed_mrb_section.html b/lib/toaster/toastergui/templates/managed_mrb_section.html
index 08bb05d..d6e32f8 100644
--- a/lib/toaster/toastergui/templates/managed_mrb_section.html
+++ b/lib/toaster/toastergui/templates/managed_mrb_section.html
@@ -156,6 +156,7 @@
 
 <script>
 
+/* ensure csrf cookie exists {% csrf_token %} */
 function _makeXHRBuildCall(url, data, onsuccess, onfail) {
     $.ajax( {
         type: "POST",
diff --git a/lib/toaster/toastergui/templates/projectconf.html b/lib/toaster/toastergui/templates/projectconf.html
index 9cacce4..dde8a11 100644
--- a/lib/toaster/toastergui/templates/projectconf.html
+++ b/lib/toaster/toastergui/templates/projectconf.html
@@ -429,6 +429,7 @@
             // re-assert the event handlers
         }
 
+	/* ensure cookie exists {% csrf_token %} */
         function postEditAjaxRequest(reqdata) {
             var ajax = $.ajax({
                     type:"POST",
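Review bot: The added line in projectconf.html is indented with a tab while the surrounding lines use spaces, and its wording (`ensure cookie exists`) differs from the comment used in the other three templates. Suggest `/* ensure csrf cookie exists {% csrf_token %} */` indented with eight spaces to match `function postEditAjaxRequest`, so that a search for the marker finds all four sites. `postEditAjaxRequest` continues outside the hunk.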
diff --git a/lib/toaster/toastergui/templates/targets.html b/lib/toaster/toastergui/templates/targets.html
index 234159a..690c6a5 100644
--- a/lib/toaster/toastergui/templates/targets.html
+++ b/lib/toaster/toastergui/templates/targets.html
@@ -120,6 +120,7 @@
 
 var tooltipUpdateText;
 
+/* ensure csrf cookie exists {% csrf_token %} */
 function _makeXHREditCall(data, onsuccess, onfail) {
     $.ajax( {
         type: "POST",
-- 
1.9.1



