# HG changeset patch
# User Brian Neal <bgneal@gmail.com>
# Date 1322967921 0
# Node ID 8631d32e6b1697415c4fc2927a8f9d5830d290c6
# Parent  09a9402e4a71d5d22dfd88181007a3d34a91d0c5
Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.

diff -r 09a9402e4a71 -r 8631d32e6b16 gpp/accounts/static/js/ajax_login.js
--- a/gpp/accounts/static/js/ajax_login.js	Sat Dec 03 20:46:41 2011 +0000
+++ b/gpp/accounts/static/js/ajax_login.js	Sun Dec 04 03:05:21 2011 +0000
@@ -15,7 +15,8 @@
                type: 'POST',
                data: {
                   username: userBox.val(),
-                  password: passBox.val()
+                  password: passBox.val(),
+                  csrfmiddlewaretoken: csrf_token
                },
                dataType: 'json',
                success: function(data, textStatus) {
diff -r 09a9402e4a71 -r 8631d32e6b16 gpp/templates/base.html
--- a/gpp/templates/base.html	Sat Dec 03 20:46:41 2011 +0000
+++ b/gpp/templates/base.html	Sun Dec 04 03:05:21 2011 +0000
@@ -36,6 +36,7 @@
 <link rel="shortcut icon" type="image/vnd.microsoft.com" href="{{ STATIC_URL }}favicon.ico" />
 {% if not user.is_authenticated %}
 {% script_tags "jquery-ui" %}
+<script type="text/javascript">var csrf_token = "{{ csrf_token }}";</script>
 <script type="text/javascript" src="{{ STATIC_URL }}js/ajax_login.js"></script>
 {% endif %}
 </head>