0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-27 22:49:56 -05:00
ghost/core/client/controllers/debug.js
Sebastian Gierlinger f0d38aa66d Hide Access Token
closes #3177
- uses an iFrame to initiate the download to hide the access token

The access token is now hidden in the admin logic. If we would like to
completely hide the token it is possible to remove the access token and
use signed requests instead, but I think the effort isn’t worth the
benefit in this case.
2014-07-27 22:57:57 +02:00

56 lines
1.8 KiB
JavaScript

var DebugController = Ember.Controller.extend(Ember.Evented, {
uploadButtonText: 'Import',
actions: {
onUpload: function (file) {
var self = this,
formData = new FormData();
this.set('uploadButtonText', 'Importing');
formData.append('importfile', file);
ic.ajax.request(this.get('ghostPaths.url').api('db'), {
type: 'POST',
data: formData,
dataType: 'json',
cache: false,
contentType: false,
processData: false
}).then(function () {
self.notifications.showSuccess('Import successful.');
}).catch(function (response) {
self.notifications.showAPIError(response);
}).finally(function () {
self.set('uploadButtonText', 'Import');
self.trigger('reset');
});
},
exportData: function () {
var iframe = $('#iframeDownload'),
downloadURL = this.get('ghostPaths.url').api('db') +
'?access_token=' + this.get('session.access_token');
if (iframe.length === 0) {
iframe = $('<iframe>', { id: 'iframeDownload' }).hide().appendTo('body');
}
iframe.attr('src', downloadURL);
},
sendTestEmail: function () {
var self = this;
ic.ajax.request(this.get('ghostPaths.url').api('mail', 'test'), {
type: 'POST'
}).then(function () {
self.notifications.showSuccess('Check your email for the test message:');
}).catch(function (response) {
self.notifications.showErrors(response);
});
}
}
});
export default DebugController;