X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/b00a18907b95d74b040d7950bd18d2b2a7709cb1..21fa4fe96b79ae04c0cfb32591f00185dae98be3:/forum/skins/default/media/js/osqa.main.js diff --git a/forum/skins/default/media/js/osqa.main.js b/forum/skins/default/media/js/osqa.main.js index 49fedda..48de0b6 100644 --- a/forum/skins/default/media/js/osqa.main.js +++ b/forum/skins/default/media/js/osqa.main.js @@ -1,3 +1,29 @@ +/** + * We do not want the CSRF protection enabled for the AJAX post requests, it causes only trouble. + * Get the csrftoken cookie and pass it to the X-CSRFToken HTTP request property. + */ +$('html').ajaxSend(function(event, xhr, settings) { + function getCookie(name) { + var cookieValue = null; + if (document.cookie && document.cookie != '') { + var cookies = document.cookie.split(';'); + for (var i = 0; i < cookies.length; i++) { + var cookie = jQuery.trim(cookies[i]); + // Does this cookie string begin with the name we want? + if (cookie.substring(0, name.length + 1) == (name + '=')) { + cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); + break; + } + } + } + return cookieValue; + } + if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { + // Only send the token to relative URLs i.e. locally. + xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); + } +}); + var response_commands = { refresh_page: function() { window.location.reload(true) @@ -75,7 +101,7 @@ var response_commands = { alert('ok'); }, - insert_comment: function(post_id, comment_id, comment, username, profile_url, delete_url, edit_url, convert_url) { + insert_comment: function(post_id, comment_id, comment, username, profile_url, delete_url, edit_url, convert_url, can_convert) { var $container = $('#comments-container-' + post_id); var skeleton = $('#new-comment-skeleton-' + post_id).html().toString(); 
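Review bot: The URL test in the `ajaxSend` handler treats every URL that does not start with lower-case `http:` or `https:` as local, so a protocol-relative URL (`//other.host/...`) or an upper-case scheme would still receive the `X-CSRFToken` header and could expose the token to another origin. A tighter guard is `if (!/^(https?:)?\/\//i.test(settings.url)) {`. The header comment also says the opposite of what the code does, since the handler keeps CSRF protection working by supplying the token; I would reword it to `Send the csrftoken cookie as the X-CSRFToken header on same-site AJAX requests so they pass the CSRF check.` `getCookie` returns null when the cookie is absent, and it would be cleaner to skip `setRequestHeader` in that case.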
@@ -89,6 +115,11 @@ var response_commands = { $container.append(skeleton); + // Show the convert comment to answer tool only if the current comment can be converted + if (can_convert == true) { + $('#comment-' + comment_id + '-convert').show(); + } + $('#comment-' + comment_id).slideDown('slow'); }, @@ -328,19 +359,22 @@ $(function() { $('a.ajax-command').live('click', function(evt) { if (running) return false; - $('.context-menu-dropdown').slideUp('fast'); - var el = $(this); + var ajax_url = el.attr('href') + ajax_url = ajax_url + "?nocache=" + new Date().getTime() + + $('.context-menu-dropdown').slideUp('fast'); + if (el.is('.withprompt')) { - load_prompt(evt, el, el.attr('href')); + load_prompt(evt, el, ajax_url); } else if(el.is('.confirm')) { var doptions = { html: messages.confirm, extra_class: 'confirm', yes_callback: function() { start_command(); - $.getJSON(el.attr('href'), function(data) { + $.getJSON(ajax_url, function(data) { process_ajax_response(data, evt); $dialog.fadeOut('fast', function() { $dialog.remove(); @@ -358,7 +392,7 @@ $(function() { var $dialog = show_dialog(doptions); } else { start_command(); - $.getJSON(el.attr('href'), function(data) { + $.getJSON(ajax_url, function(data) { process_ajax_response(data, evt); }); } @@ -393,6 +427,7 @@ $(function() { if ($form.length) { var $textarea = $container.find('textarea'); var textarea = $textarea.get(0); + var $csrf = $container.find('[name="csrfmiddlewaretoken"]'); var $button = $container.find('.comment-submit'); var $cancel = $container.find('.comment-cancel'); var $chars_left_message = $container.find('.comments-chars-left-msg'); @@ -521,7 +556,8 @@ $(function() { if (running) return false; var post_data = { - comment: $textarea.val() + comment: $textarea.val(), + csrfmiddlewaretoken: $csrf.val() } if (comment_in_form) {
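Review bot: Showing `#comment-<id>-convert` only when `can_convert` is set is a display decision, because the element is presumably already in the skeleton together with `convert_url`; the server-side convert view has to enforce the same permission, which is worth confirming since that code is outside this diff. In the added `if`, `can_convert == true` relies on loose coercion (`1` passes, the string `"true"` does not), and `if (can_convert === true) {` makes the expected JSON boolean explicit. I would also extend the added comment to `// UI only: the convert view must re-check the permission`. The body of `insert_comment` starts before this hunk.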
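Review bot: `ajax_url + "?nocache=" + ...` assumes the link's `href` has no query string; if it already has one, the result contains a second `?` and the suffix is absorbed into the last existing parameter. `ajax_url += (ajax_url.indexOf('?') === -1 ? '?' : '&') + 'nocache=' + new Date().getTime();` handles both cases, and the two added lines are also missing their semicolons. Separately, these commands still go out through `$.getJSON` (here and in the `@@ -358,7 +392,7 @@` hunk), that is as GET requests, and Django's CSRF check does not apply to GET, so the token header added earlier in this patch does not protect any command that changes state; if the `.confirm` actions do change state, they should move to POST. The click handler begins and ends outside this hunk.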