git.ipfire.org Git - thirdparty/patchwork.git/commit

author	Raxel Gutierrez <raxel@google.com>
	Tue, 17 Aug 2021 21:33:49 +0000 (21:33 +0000)
committer	Stephen Finucane <stephen@that.guru>
	Wed, 18 Aug 2021 11:06:08 +0000 (12:06 +0100)
commit	c8f4a658d8436f804b5599707bab2582f85e81c3
tree	325fdb0ccce0d5ca4d26b256bd9fbb0d782ca92f	tree \| snapshot
parent	794c13c8edbcb4842ed13922c7198d8fc4bf5748	commit \| diff

static: add JS Cookie library to get csrftoken for client-side requests

Currently in Patchwork, requests are made only through older methods via
form submissions, which means the UI is rendered strictly server-side.
This lags behind more modern and versatile approaches that use
JavaScript to send requests and dynamically update the UI based on the
respective responses.

In order to make REST API requests on the client-side secure from CSRF
attacks, add the JS Cookie library which allows the CSRF token to be
passed in the request header. A following patch that introduces the
`rest.js` module will make use of the JS Cookie library in this patch.

The library is a recommendation from Django docs [1]. The files for the
library can be downloaded in the releases page of the GitHub [2].

[1] https://docs.djangoproject.com/en/3.2/ref/csrf/#ajax
[2] https://github.com/js-cookie/js-cookie/releases

Signed-off-by: Raxel Gutierrez <raxel@google.com>
Reviewed-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Stephen Finucane <stephen@that.guru>

htdocs/README.rst		diff \| blob \| blame \| history
htdocs/js/js.cookie.min.js	[new file with mode: 0644]	blob
templates/base.html		diff \| blob \| blame \| history