From ac091cd5982abeebfbd583ea8701d378df304645 Mon Sep 17 00:00:00 2001
From: Peter Bengtsson
Date: Mon, 27 Feb 2012 17:28:56 -0800
Subject: [PATCH] fixed xsrf problem

---
 apps/plog/views.py | 2 ++
 peterbecom/static/js/blogitem.js | 8 +++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/plog/views.py b/apps/plog/views.py
index 2b76ff51c..03bf9bbfa 100644
--- a/apps/plog/views.py
+++ b/apps/plog/views.py
@@ -121,6 +121,8 @@ def prepare_json(request):
 'email': request.COOKIES.get('email', request.COOKIES.get('__blogcomment_email')),
 }
+ # http://stackoverflow.com/a/7503362/205832
+ request.META['CSRF_COOKIE_USED'] = True
 return data
diff --git a/peterbecom/static/js/blogitem.js b/peterbecom/static/js/blogitem.js
index e6f901f8c..54bd17b68 100644
--- a/peterbecom/static/js/blogitem.js
+++ b/peterbecom/static/js/blogitem.js
@@ -7,6 +7,7 @@ var F = (function() {
 var form = $('form#comment');
 var preview = $('#preview-comment-outer');
 var _submitting = false;
+ var _preparing = false;
 function commentData() {
 return {
@@ -20,6 +21,8 @@ var F = (function() {
 return {
 prepare: function() {
+ if (_preparing) return; // to avoid excessive calls
+ _preparing = true;
 $.getJSON('/plog/prepare.json', function(response) {
 $('input[name="csrfmiddlewaretoken"]', form).val(response.csrf_token);
 if (response.name) {
@@ -31,6 +34,7 @@ var F = (function() {
 });
 },
 setup_reply: function(parent) {
+ _preparing = false;
 if (parent.size() != 1) throw "Must be exactly 1 parent";
 form.detach().insertAfter($('.ct:eq(0)', parent));
 preview.detach().insertBefore(form);
@@ -51,9 +55,11 @@ var F = (function() {
 },
 preview: function(callback) {
 preview.hide();
+ var data = commentData();
+
 $.ajax({
 url: '/plog/preview.json',
- data: commentData(),
+ data: data,
 type: 'POST',
 dataType: 'json',
 success: function(response) {
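Review bot: The new line in `prepare_json` writes Django's internal `CSRF_COOKIE_USED` flag into `request.META` by hand; the public API that sets that same flag and also returns the token is `django.middleware.csrf.get_token(request)`, so `from django.middleware.csrf import get_token` together with `data['csrf_token'] = get_token(request)` (presumably the key the JS reads — where that value is currently built is above the hunk, since `prepare_json` starts outside it) would keep working if the middleware internals change. The added comment is only a link; a reader wants the reason, e.g. `# Make CsrfViewMiddleware set the csrftoken cookie on this response: the token returned in the JSON body is rejected on POST unless the matching cookie is sent too.` Because this endpoint hands out the CSRF token in a response body, it should stay a plain same-origin JSON response (no JSONP callback parameter) and must not be cacheable by shared caches; the middleware should add `Vary: Cookie` once the flag is set, but decorating the view with `never_cache` would make that explicit.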
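Review bot: `_preparing` is set to true in `prepare` before the `$.getJSON` call but is never cleared when that request fails (on success it intentionally stays set), so a single failed `/plog/prepare.json` fetch leaves the guard stuck until `setup_reply` runs and the `csrfmiddlewaretoken` field is never filled — the very POST this commit is fixing would then fail CSRF validation with no way to retry. `$.getJSON` in this form takes no error callback, but the jqXHR it returns (jQuery 1.5+; the jQuery version in use isn't visible here) can be chained, so end the call with `}).fail(function() { _preparing = false; });` instead of `});`. The inline comment `// to avoid excessive calls` doesn't say what state the flag encodes; `// true once a prepare request is in flight or done; reset by setup_reply` would. Both the `$.getJSON` callback and `prepare` itself continue past the end of the hunk.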