Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-24 23:48:13 -05:00
Code Issues Activity

Remove CSRF from client

Browse source 
no issue
- removed occurrences of csrf from client
This commit is contained in:
Sebastian Gierlinger 2014-07-01 11:39:01 +02:00
parent c91f062d3e
commit a1438e3b98
8 changed files with 2 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ghost/admin/adapters/application.js
View file

@ -5,9 +5,6 @@ import ghostPaths from 'ghost/utils/ghost-paths';
var ApplicationAdapter = DS.RESTAdapter.extend({ var ApplicationAdapter = DS.RESTAdapter.extend({
host: window.location.origin, host: window.location.origin,
namespace: ghostPaths().apiRoot.slice(1), namespace: ghostPaths().apiRoot.slice(1),
headers: {
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
},
findQuery: function (store, type, query) { findQuery: function (store, type, query) {
var id; var id;

3
ghost/admin/assets/lib/uploader.js
View file

@ -64,9 +64,6 @@ UploadUi = function ($dropzone, settings) {
$dropzone.find('.js-fileupload').fileupload().fileupload('option', { $dropzone.find('.js-fileupload').fileupload().fileupload('option', {
url: Ghost.subdir + '/ghost/upload/', url: Ghost.subdir + '/ghost/upload/',
headers: {
'X-CSRF-Token': $('meta[name=\'csrf-param\']').attr('content')
},
add: function (e, data) { add: function (e, data) {
/*jshint unused:false*/ /*jshint unused:false*/
$('.js-button-accept').prop('disabled', true); $('.js-button-accept').prop('disabled', true);

8
ghost/admin/controllers/debug.js
View file

@ -16,9 +16,6 @@ var DebugController = Ember.Controller.extend(Ember.Evented, {
ic.ajax.request(this.get('ghostPaths').apiUrl('db'), { ic.ajax.request(this.get('ghostPaths').apiUrl('db'), {
type: 'POST', type: 'POST',
headers: {
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
},
data: formData, data: formData,
dataType: 'json', dataType: 'json',
cache: false, cache: false,
@ -50,10 +47,7 @@ var DebugController = Ember.Controller.extend(Ember.Evented, {
var self = this; var self = this;
ic.ajax.request(this.get('ghostPaths').apiUrl('mail', 'test'), { ic.ajax.request(this.get('ghostPaths').apiUrl('mail', 'test'), {
type: 'POST', type: 'POST'
headers: {
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
}
}).then(function () { }).then(function () {
self.notifications.showSuccess('Check your email for the test message:'); self.notifications.showSuccess('Check your email for the test message:');
}).catch(function (response) { }).catch(function (response) {

5
ghost/admin/controllers/modals/delete-all.js
View file

@ -4,10 +4,7 @@ var DeleteAllController = Ember.Controller.extend({
var self = this; var self = this;
ic.ajax.request(this.get('ghostPaths').apiUrl('db'), { ic.ajax.request(this.get('ghostPaths').apiUrl('db'), {
type: 'DELETE', type: 'DELETE'
headers: {
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
}
}).then(function () { }).then(function () {
self.notifications.showSuccess('All content deleted from database.'); self.notifications.showSuccess('All content deleted from database.');
}).catch(function (response) { }).catch(function (response) {

3
ghost/admin/controllers/setup.js
View file

@ -23,9 +23,6 @@ var SetupController = Ember.ObjectController.extend(ValidationEngine, {
ajax({ ajax({
url: self.get('ghostPaths').adminUrl('setup'), url: self.get('ghostPaths').adminUrl('setup'),
type: 'POST', type: 'POST',
headers: {
'X-CSRF-Token': self.get('csrf')
},
data: self.getProperties('blogTitle', 'name', 'email', 'password') data: self.getProperties('blogTitle', 'name', 'email', 'password')
}).then(function () { }).then(function () {
self.get('session').authenticate('ember-simple-auth-authenticator:oauth2-password-grant', { self.get('session').authenticate('ember-simple-auth-authenticator:oauth2-password-grant', {

3
ghost/admin/controllers/signup.js
View file

@ -22,9 +22,6 @@ var SignupController = Ember.ObjectController.extend(ValidationEngine, {
ajax({ ajax({
url: self.get('ghostPaths').adminUrl('signup'), url: self.get('ghostPaths').adminUrl('signup'),
type: 'POST', type: 'POST',
headers: {
'X-CSRF-Token': self.get('csrf')
},
data: self.getProperties('name', 'email', 'password') data: self.getProperties('name', 'email', 'password')
}).then(function () { }).then(function () {
self.get('session').authenticate('ember-simple-auth-authenticator:oauth2-password-grant', { self.get('session').authenticate('ember-simple-auth-authenticator:oauth2-password-grant', {

13
ghost/admin/initializers/csrf-token.js
View file

@ -1,13 +0,0 @@
var CSRFTokenInitializer = {
name: 'csrf-token',
initialize: function (container, application) {
application.register('csrf:token', $('meta[name="csrf-param"]').attr('content'), { instantiate: false });
application.inject('route', 'csrf', 'csrf:token');
application.inject('model', 'csrf', 'csrf:token');
application.inject('controller', 'csrf', 'csrf:token');
}
};
export default CSRFTokenInitializer;

12
ghost/admin/initializers/csrf.js
View file

@ -1,12 +0,0 @@
var CSRFInitializer = {
name: 'csrf',
initialize: function (container, application) {
application.register('csrf:current', $('meta[name="csrf-param"]').attr('content'), { instantiate: false });
application.inject('route', 'csrf', 'csrf:current');
application.inject('controller', 'csrf', 'csrf:current');
}
};
export default CSRFInitializer;