fixes #677 Replace GET with POST when necessary, and refactored a bit… #685
Conversation
…efactored a bit the post utils in js
| @@ -87,6 +87,12 @@ function openConfirmationBox(name) { | |||
| $('#confirmation-dialog').dialog('open'); | |||
| } | |||
|
|
|||
| function postWithCsrf(path) { | |||
There was a problem hiding this comment.
Could we pass a Csrf param into params of post instead of making a new function? Any reason against?
There was a problem hiding this comment.
nope we can do this - i was starting with a "soft refactoring" 😂
I'll have a look
There was a problem hiding this comment.
I think I actually like that function as a "shortcut" so we don't have to paste the token everywhere (see next comment)
There was a problem hiding this comment.
This is not reviewable, I can't resolve this discussion = (
| <a id="allow_button" class="button button--small button-primary button--primary--positive" | ||
| href="{% url 'organisation_allow_join' join_request.id %}">Allow</a></td> | ||
| <button id="allow_button" class="button button--small button-primary button--primary--positive" | ||
| onclick="post('{% url 'organisation_allow_join' join_request.id %}', { |
There was a problem hiding this comment.
Question as I'm not sure exactly what's happening here, can this post be now replaced withpostWithCsrf() if we decide to use it (or post with a param if you accept my suggestion)?
There was a problem hiding this comment.
yup -
here i think postWithCsrf might prove more concise
… the post utils in js
The following requests are now using POST instead of GET:
Assigning / unassigning school admins: was POST already (tested on codeforlife.education)
Same for leaving a school