[PATCH v2 2/3] static: add JS Cookie library to get csrftoken for client-side requests

Stephen Finucane stephen at that.guru
Wed Aug 18 21:04:40 AEST 2021


On Tue, 2021-08-17 at 21:33 +0000, Raxel Gutierrez wrote:
> Currently in Patchwork, requests are made only through older methods via
> form submissions, which means the UI is rendered strictly server-side.
> This lags behind more modern and versatile approaches that use
> JavaScript to send requests and dynamically update the UI based on the
> respective responses.
> 
> In order to make REST API requests on the client-side secure from CSRF
> attacks, add the JS Cookie library which allows the CSRF token to be
> passed in the request header. A following patch that introduces the
> `rest.js` module will make use of the JS Cookie library in this patch.
> 
> The library is a recommendation from Django docs [1]. The files for the
> library can be downloaded in the releases page of the GitHub [2].
> 
> [1] https://docs.djangoproject.com/en/3.2/ref/csrf/#ajax
> [2] https://github.com/js-cookie/js-cookie/releases
> 
> Signed-off-by: Raxel Gutierrez <raxel at google.com>
> Reviewed-by: Daniel Axtens <dja at axtens.net>

As Daniel noted elsewhere, I needed to add the file manually due to the munging
that Mailman or some other component in the email pipeline is introducing but
otherwise this was fine.

Reviewed-by: Stephen Finucane <stephen at that.guru>

and applied, since it seems obvious we'll be using it in one form or another and
we can revert this if not.

Cheers,
Stephen
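
The commit message quoted above describes passing the CSRF token in a request header. The following is an added example of that flow, not code from this patch, from Patchwork's `rest.js`, or from either author. It assumes Django's default `csrftoken` cookie and `X-CSRFToken` header names; `readCookie` (a stand-in for JS Cookie's `Cookies.get`), `buildRequest` and the sample values are hypothetical.

```javascript
// Added illustration; function names and sample values are hypothetical.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Stand-in for Cookies.get(name) from JS Cookie, so the example runs
// outside a browser. In a page, pass (name) => Cookies.get(name) instead.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return undefined;
}

// Build fetch() arguments. The token header is attached only to
// state-changing methods and only for same-origin targets, so the
// token is never sent to another host.
function buildRequest(url, method, body, pageOrigin, getCookie) {
  const target = new URL(url, pageOrigin);
  const verb = method.toUpperCase();
  const headers = { Accept: 'application/json' };
  if (body !== undefined) headers['Content-Type'] = 'application/json';

  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  if (!SAFE_METHODS.has(verb) && sameOrigin) {
    const token = getCookie('csrftoken'); // Django's default cookie name
    if (!token) {
      // Assumption: fail early rather than send a request Django would reject.
      throw new Error('csrftoken cookie not set');
    }
    headers['X-CSRFToken'] = token; // Django's default header name
  }
  return {
    url: target.href,
    options: {
      method: verb,
      headers,
      credentials: 'same-origin', // send the session cookie only to our origin
      body: body === undefined ? undefined : JSON.stringify(body),
    },
  };
}
```

In a browser the result would be passed on as `fetch(r.url, r.options)` with `getCookie` set to `(name) => Cookies.get(name)`.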


