Add CSRF into gem #517
Changes Unknown when pulling ad7fb92 on dzirtusss:add-csrf into * on shakacode:master*.
We probably don't want to suck in lodash, at least not all of it. Are we using lodash elsewhere in this module? We could consider bringing in a tiny bit of it.
Review status: 0 of 1 files reviewed at latest revision, all discussions resolved, some commit checks failed. Comments from Reviewable
Temporary. Lodash not needed.
Review status: 0 of 1 files reviewed at latest revision, all discussions resolved, some commit checks failed. Comments from Reviewable
Changes Unknown when pulling 6b57be0 on dzirtusss:add-csrf into * on shakacode:master*.
|
||
getAuthenticityToken() { | ||
/*const token = _.find(document.querySelectorAll('meta'), ['name', 'csrf-token']);*/ | ||
const token = document.querySelector('meta[name="csrf-token"]'); |
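Review bot: in getAuthenticityToken(), the commented-out `_.find(document.querySelectorAll('meta'), ...)` line should be deleted rather than merged, since the querySelector call directly below replaces it and the thread has already settled that lodash is not needed. Separately, document.querySelector returns null on a page that has no csrf-token meta tag, so whatever follows this line should check for null before reading the element's content.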
👍
Actually I think we should not need to include
And everything works fine. Maybe it will not work with I think it will be ok if we use
|
Was also thinking, does this sound like better names? It better be more clear. Any opinions?
|
meta.content = testToken; | ||
document.head.appendChild(meta); | ||
|
||
var realToken = ReactOnRails.getAuthenticityToken(); |
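Review bot: the test appends the csrf-token meta element to document.head and nothing in the visible lines removes it, so it can stay in the shared document and affect later tests that look up the same tag. Remove the element once the assertion has run (for example meta.parentNode.removeChild(meta)), or create and remove it in a setup/teardown pair.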
var and const
Not a big deal. It is rather a matter of style.
🍒
Review status: 0 of 3 files reviewed at latest revision, 4 unresolved discussions. CHANGELOG.md, line 11 [r5] (raw file):
update names? node_package/src/ReactOnRails.js, line 82 [r2] (raw file):
|
Review status: 0 of 3 files reviewed at latest revision, 4 unresolved discussions. node_package/src/ReactOnRails.js, line 96 [r5] (raw file):
|
We're ready to go!
Reviewed 1 of 2 files at r4, 2 of 2 files at r5. node_package/src/ReactOnRails.js, line 82 [r2] (raw file):
|
Review status: all files reviewed at latest revision, 8 unresolved discussions. node_package/src/ReactOnRails.js, line 82 [r2] (raw file):
|
Review status: all files reviewed at latest revision, 9 unresolved discussions. node_package/src/ReactOnRails.js, line 76 [r5] (raw file):
|
Done. Review status: 0 of 6 files reviewed at latest revision, 10 unresolved discussions. CHANGELOG.md, line 11 [r5] (raw file):
|
Reviewed 6 of 6 files at r6. Comments from Reviewable |
Reviewed 1 of 1 files at r7. README.md, line 420 [r7] (raw file):
Should we mention somewhere that jquery-ujs adds this to jQuery's ajax methods? README.md, line 426 [r7] (raw file):
extra trailing spaces here -- see red dots. Comments from Reviewable |
Review status: all files reviewed at latest revision, 6 unresolved discussions, some commit checks broke. README.md, line 420 [r7] (raw file):
|
@justin808 I am definitely not an expert in automated documentation although I dare to suppose something like that https://github.com/cbou/markdox would be fit for it.
Review status: 6 of 7 files reviewed at latest revision, 7 unresolved discussions. README.md, line 433 [r8] (raw file):
Minor grammar fix:
Comments from Reviewable |
One tiny change! Reviewed 1 of 1 files at r8. Comments from Reviewable |
Review status: 6 of 7 files reviewed at latest revision, 5 unresolved discussions. README.md, line 433 [r8] (raw file):
|
Reviewed 1 of 1 files at r9. Comments from Reviewable |
Reviewed 1 of 1 files at r10. Comments from Reviewable |
Referencing issue #16, first draft.
Added JS helpers:
- getAuthenticityToken() - returns CSRF token
- authenticityHeader(header) - returns complete header with X-CSRF-Token and X-Requested-With: XMLHttpRequest
Waiting for comments.
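A sketch of helpers like the two described in the PR description, as an added example that is not the PR's or the project's own code: it reads the token from the csrf-token meta tag, returns null when the tag is absent, and attaches X-CSRF-Token only to URLs on the page's own origin. The `doc` parameter, the `headersFor` wrapper, the stub document and the sample token and origins are assumptions made so the block runs under Node without a browser.

```javascript
// Added example, not code from the PR. `doc` is any object exposing
// querySelector: the browser's `document`, or the constructed stub below.

// Returns the CSRF token from <meta name="csrf-token">, or null if absent.
function getAuthenticityToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta && typeof meta.content === 'string' && meta.content !== ''
    ? meta.content
    : null;
}

// Merges caller headers with X-CSRF-Token and X-Requested-With.
// The security headers are set last so a caller cannot override them,
// and the token header is omitted when the page carries no token.
function authenticityHeaders(doc, otherHeaders = {}) {
  const headers = { ...otherHeaders, 'X-Requested-With': 'XMLHttpRequest' };
  const token = getAuthenticityToken(doc);
  if (token !== null) headers['X-CSRF-Token'] = token;
  return headers;
}

// Hypothetical wrapper: send the token only to the page's own origin, so a
// request to a third-party host never carries it.
function headersFor(url, pageOrigin, doc, otherHeaders = {}) {
  const target = new URL(url, pageOrigin); // resolves relative URLs
  return target.origin === pageOrigin
    ? authenticityHeaders(doc, otherHeaders)
    : { ...otherHeaders };
}

// Constructed stub standing in for `document`; the token value is made up.
function stubDocument(token) {
  const meta = token === undefined ? null : { name: 'csrf-token', content: token };
  return {
    querySelector: (sel) => (sel === 'meta[name="csrf-token"]' ? meta : null),
  };
}

const page = stubDocument('constructed-token-123');
const origin = 'https://app.example';
console.log(headersFor('/comments', origin, page, { Accept: 'application/json' }));
console.log(headersFor('https://api.other.example/v1', origin, page));
```

In a browser, pass `document` and `window.location.origin` in place of the stub and the constructed origin.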