+/**\r
+ * We do not want the CSRF protection enabled for the AJAX post requests, it causes only trouble.\r
+ * Get the csrftoken cookie and pass it to the X-CSRFToken HTTP request property.\r
+ */\r
+$('html').ajaxSend(function(event, xhr, settings) {\r
+ function getCookie(name) {\r
+ var cookieValue = null;\r
+ if (document.cookie && document.cookie != '') {\r
+ var cookies = document.cookie.split(';');\r
+ for (var i = 0; i < cookies.length; i++) {\r
+ var cookie = jQuery.trim(cookies[i]);\r
+ // Does this cookie string begin with the name we want?\r
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {\r
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));\r
+ break;\r
+ }\r
+ }\r
+ }\r
+ return cookieValue;\r
+ }\r
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {\r
+ // Only send the token to relative URLs i.e. locally.\r
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));\r
+ }\r
+});\r
+\r
var response_commands = {\r
refresh_page: function() {\r
window.location.reload(true)\r
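Review bot: The relative-URL test in the `ajaxSend` handler only excludes URLs that start with lowercase `http:` or `https:`, so a scheme-relative URL such as `//other.example/path` (constructed example) or an upper-case scheme is treated as local and has the X-CSRFToken header set on a request addressed to another host. Tightening the guard to `if (!/^(https?:)?\/\//i.test(settings.url)) {` keeps the token on same-site paths only. The header is also set when the cookie is absent, in which case `getCookie` returns null; reading the value first and skipping `setRequestHeader` when it is null avoids sending a meaningless token. The opening comment says CSRF protection is not wanted, while the code does the opposite and supplies the token, so I would reword it to `Attach the csrftoken cookie value as the X-CSRFToken header on same-site AJAX requests so Django's CSRF check passes.`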
alert('ok');\r
},\r
\r
- insert_comment: function(post_id, comment_id, comment, username, profile_url, delete_url, edit_url, convert_url) {\r
+ insert_comment: function(post_id, comment_id, comment, username, profile_url, delete_url, edit_url, convert_url, can_convert) {\r
var $container = $('#comments-container-' + post_id);\r
var skeleton = $('#new-comment-skeleton-' + post_id).html().toString();\r
\r
\r
$container.append(skeleton);\r
\r
+ // Show the convert comment to answer tool only if the current comment can be converted\r
+ if (can_convert == true) {\r
+ $('#comment-' + comment_id + '-convert').show();\r
+ }\r
+\r
$('#comment-' + comment_id).slideDown('slow');\r
},\r
\r
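Review bot: `can_convert == true` in the new guard uses loose equality, so the outcome depends on how the server serialises the flag: a numeric `1` passes and a string `"true"` does not. If the response carries a JSON boolean, `if (can_convert === true) {` states that directly. The flag only controls whether the convert link is shown, so the permission still has to be enforced by the server on the convert URL itself. `insert_comment` starts above this hunk, and the lines that build the comment markup are not visible here.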
$('a.ajax-command').live('click', function(evt) {\r
if (running) return false;\r
\r
- $('.context-menu-dropdown').slideUp('fast');\r
-\r
var el = $(this);\r
\r
+ var ajax_url = el.attr('href')\r
+ ajax_url = ajax_url + "?nocache=" + new Date().getTime()\r
+\r
+ $('.context-menu-dropdown').slideUp('fast');\r
+\r
if (el.is('.withprompt')) {\r
- load_prompt(evt, el, el.attr('href'));\r
+ load_prompt(evt, el, ajax_url);\r
} else if(el.is('.confirm')) {\r
var doptions = {\r
html: messages.confirm,\r
extra_class: 'confirm',\r
yes_callback: function() {\r
start_command();\r
- $.getJSON(el.attr('href'), function(data) {\r
+ $.getJSON(ajax_url, function(data) {\r
process_ajax_response(data, evt);\r
$dialog.fadeOut('fast', function() {\r
$dialog.remove();\r
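Review bot: `ajax_url + "?nocache=" + ...` always appends with `?`, so an href that already has a query string ends up with the timestamp folded into its last parameter value instead of a separate `nocache` parameter. `ajax_url += (ajax_url.indexOf('?') === -1 ? '?' : '&') + 'nocache=' + new Date().getTime();` handles both cases and supplies the missing semicolons; the same `ajax_url` feeds the `$.getJSON` call in the following hunk. These commands, including the `.confirm` ones, still go out as GET, which Django's CSRF middleware does not check, so if any of them changes state the X-CSRFToken header added in this commit does not protect it and a POST would be needed. The click handler continues beyond this hunk.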
var $dialog = show_dialog(doptions);\r
} else {\r
start_command();\r
- $.getJSON(el.attr('href'), function(data) {\r
+ $.getJSON(ajax_url, function(data) {\r
process_ajax_response(data, evt);\r
});\r
}\r
if ($form.length) {\r
var $textarea = $container.find('textarea');\r
var textarea = $textarea.get(0);\r
+ var $csrf = $container.find('[name="csrfmiddlewaretoken"]');\r
var $button = $container.find('.comment-submit');\r
var $cancel = $container.find('.comment-cancel');\r
var $chars_left_message = $container.find('.comments-chars-left-msg');\r
if (running) return false;\r
\r
var post_data = {\r
- comment: $textarea.val()\r
+ comment: $textarea.val(),\r
+ csrfmiddlewaretoken: $csrf.val()\r
}\r
\r
if (comment_in_form) {\r
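Review bot: The `csrfmiddlewaretoken` field added to `post_data` has no comment saying where the value comes from or what happens when it is missing: `$csrf` is looked up in the earlier hunk via `[name="csrfmiddlewaretoken"]`, and if the container has no such input `$csrf.val()` is undefined. I would add `// CSRF token from the form's hidden input; the server rejects the POST if the template did not render it` above the field. If the `ajaxSend` handler added at the top of this diff applies to this request as well, the token is sent twice, and one mechanism would be enough. The submit handler starts and ends outside this hunk.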