Send an X-CSRFToken header when deleting integrations
Review Request #8490 — Created Oct. 25, 2016 and submitted
Previously, integrations could not be deleted. The view required a CSRF
token to be submitted but we were not sending one. Now we check for a
CSRF token field in the form before executing ourHTTP DELETE
request
and, if present, we add theX-CSRFToken
header to the request. This
allows integrations to be deleted.
Able to delete an integration with this patch applied.
Description | From | Last Updated |
---|---|---|
Because there's only ever one of these on the page, and .val() returns undefined when there are no matching elements, … |
david | |
There should only ever be one <input name="csrfmiddlewaretoken"> on the page, so this selector can just be $('input[name="csrfmiddlewaretoken"]') |
david |
-
-
djblets/integrations/templates/integrations/configure_integration.html (Diff revision 1) Because there's only ever one of these on the page, and
.val()
returnsundefined
when there are no matching elements, this whole thing could be:var csrfToken = $('input[name="csrfmiddlewaretoken"]').val(); if (csrfToken) { xhr.setRequestHeader('X-CSRFToken', csrfToken); }
-
Tool: PEP8 Style Checker Ignored Files: djblets/integrations/templates/integrations/configure_integration.html Tool: Pyflakes Ignored Files: djblets/integrations/templates/integrations/configure_integration.html
-
-
djblets/integrations/templates/integrations/configure_integration.html (Diff revision 2) There should only ever be one
<input name="csrfmiddlewaretoken">
on the page, so this selector can just be$('input[name="csrfmiddlewaretoken"]')