Send an X-CSRFToken header when deleting integrations

Review Request #8490 - Created Oct. 26, 2016 and submitted

Barret Rennie
Djblets
release-0.10.x
djblets

Previously, integrations could not be deleted. The view required a CSRF
token to be submitted but we were not sending one. Now we check for a
CSRF token field in the form before executing our HTTP DELETE request
and, if present, we add the X-CSRFToken header to the request. This
allows integrations to be deleted.

Able to delete an integration with this patch applied.

  • 0
  • 0
  • 2
  • 0
  • 2
Description From Last Updated
Review Bot
  1. Tool: PEP8 Style Checker
    Ignored Files:
        djblets/integrations/templates/integrations/configure_integration.html
    
    
    
    Tool: Pyflakes
    Ignored Files:
        djblets/integrations/templates/integrations/configure_integration.html
    
    
  2. 
      
David Trowbridge
  1. 
      
  2. Because there's only ever one of these on the page, and .val() returns undefined when there are no matching elements, this whole thing could be:

    var csrfToken = $('input[name="csrfmiddlewaretoken"]').val();
    
    if (csrfToken) {
        xhr.setRequestHeader('X-CSRFToken', csrfToken);
    }
    
  3. 
      
Barret Rennie
Review Bot
  1. Tool: PEP8 Style Checker
    Ignored Files:
        djblets/integrations/templates/integrations/configure_integration.html
    
    
    
    Tool: Pyflakes
    Ignored Files:
        djblets/integrations/templates/integrations/configure_integration.html
    
    
  2. 
      
David Trowbridge
  1. 
      
  2. There should only ever be one <input name="csrfmiddlewaretoken"> on the page, so this selector can just be $('input[name="csrfmiddlewaretoken"]')

  3. 
      
Barret Rennie
Review Bot
  1. Tool: PEP8 Style Checker
    Ignored Files:
        djblets/integrations/templates/integrations/configure_integration.html
    
    
    
    Tool: Pyflakes
    Ignored Files:
        djblets/integrations/templates/integrations/configure_integration.html
    
    
  2. 
      
David Trowbridge
  1. Ship It!
  2. 
      
Barret Rennie
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-0.10.x (70b7578)
Loading...