Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-13 22:41:32 -05:00
Code Issues Activity

Hide Access Token

Browse source 
closes #3177
- uses an iFrame to initiate the download to hide the access token

The access token is now hidden in the admin logic. If we would like to
completely hide the token it is possible to remove the access token and
use signed requests instead, but I think the effort isn’t worth the
benefit in this case.
This commit is contained in:
Sebastian Gierlinger 2014-07-25 17:14:48 +02:00
parent 6628127297
commit f0d38aa66d
2 changed files with 9 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
core/client/controllers/debug.js
View file

@ -1,11 +1,6 @@
var DebugController = Ember.Controller.extend(Ember.Evented, {
uploadButtonText: 'Import',
exportPath: function () {
return this.get('ghostPaths.url').api('db') +
'?access_token=' + this.get('session.access_token');
}.property(),
actions: {
onUpload: function (file) {
var self = this,
@ -33,15 +28,15 @@ var DebugController = Ember.Controller.extend(Ember.Evented, {
},
exportData: function () {
var self = this;
var iframe = $('#iframeDownload'),
downloadURL = this.get('ghostPaths.url').api('db') +
'?access_token=' + this.get('session.access_token');
ic.ajax.request(this.get('ghostPaths.url').api('db'), {
type: 'GET'
}).then(function () {
self.notifications.showSuccess('Data exported successfully.');
}).catch(function (response) {
self.notifications.showErrors(response);
});
if (iframe.length === 0) {
iframe = $('<iframe>', { id: 'iframeDownload' }).hide().appendTo('body');
}
iframe.attr('src', downloadURL);
},
sendTestEmail: function () {

2
core/client/templates/debug.hbs
View file

@ -19,7 +19,7 @@
<fieldset>
<div class="form-group">
<label>Export</label>
<a class="button-save" {{bind-attr href=exportPath}}>Export</a>
<a class="button-save" {{action "exportData"}}>Export</a>
<p>Export the blog settings and data.</p>
</div>
</fieldset>