Mercurial > public > sg101

changeset 507:8631d32e6b16

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.
author Brian Neal <bgneal@gmail.com>
date Sun, 04 Dec 2011 03:05:21 +0000
parents 09a9402e4a71
children 6f5fff924877
files gpp/accounts/static/js/ajax_login.js gpp/templates/base.html
diffstat 2 files changed, 3 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/gpp/accounts/static/js/ajax_login.js	Sat Dec 03 20:46:41 2011 +0000
+++ b/gpp/accounts/static/js/ajax_login.js	Sun Dec 04 03:05:21 2011 +0000
@@ -15,7 +15,8 @@
                type: 'POST',
                data: {
                   username: userBox.val(),
-                  password: passBox.val()
+                  password: passBox.val(),
+                  csrfmiddlewaretoken: csrf_token
                },
                dataType: 'json',
                success: function(data, textStatus) {
--- a/gpp/templates/base.html	Sat Dec 03 20:46:41 2011 +0000
+++ b/gpp/templates/base.html	Sun Dec 04 03:05:21 2011 +0000
@@ -36,6 +36,7 @@
 <link rel="shortcut icon" type="image/vnd.microsoft.com" href="{{ STATIC_URL }}favicon.ico" />
 {% if not user.is_authenticated %}
 {% script_tags "jquery-ui" %}
+<script type="text/javascript">var csrf_token = "{{ csrf_token }}";</script>
 <script type="text/javascript" src="{{ STATIC_URL }}js/ajax_login.js"></script>
 {% endif %}
 </head>