mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-26 12:21:36 +03:00
Merge pull request #3170 from sebgie/csrf-remove
Remove CSRF from client
commit
df30511778
@ -5,9 +5,6 @@ import ghostPaths from 'ghost/utils/ghost-paths';
|
||||
var ApplicationAdapter = DS.RESTAdapter.extend({
|
||||
host: window.location.origin,
|
||||
namespace: ghostPaths().apiRoot.slice(1),
|
||||
headers: {
|
||||
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
|
||||
},
|
||||
|
||||
findQuery: function (store, type, query) {
|
||||
var id;
|
||||
|
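Review bot: With the `headers` block removed, nothing in ApplicationAdapter shows how store requests are authenticated, and dropping `X-CSRF-Token` is only safe if the API accepts a bearer token in an `Authorization` header and never an ambient session cookie. If a cookie is still honoured on any route, state-changing requests lose their cross-site protection with this change. The same applies to the `ic.ajax.request` calls to `apiUrl('db')` (POST and DELETE) and `apiUrl('mail', 'test')` in the DebugController and DeleteAllController hunks, which now pass only `type`. I would leave a comment where the header was, for example `// No CSRF header: API requests are authenticated by bearer token, never by cookie`, and confirm that the server-side check changed in the same release. The adapter body continues outside the hunk.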
@ -64,9 +64,6 @@ UploadUi = function ($dropzone, settings) {
|
||||
|
||||
$dropzone.find('.js-fileupload').fileupload().fileupload('option', {
|
||||
url: Ghost.subdir + '/ghost/upload/',
|
||||
headers: {
|
||||
'X-CSRF-Token': $('meta[name=\'csrf-param\']').attr('content')
|
||||
},
|
||||
add: function (e, data) {
|
||||
/*jshint unused:false*/
|
||||
$('.js-button-accept').prop('disabled', true);
|
||||
|
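Review bot: The upload to `Ghost.subdir + '/ghost/upload/'` now carries no token in its visible options, and unlike the API calls it is issued by the fileupload plugin against an admin path rather than through `ghostPaths().apiUrl`. Whether the plugin's requests receive a bearer token depends on configuration that is not shown here. If the plugin falls back to a form or iframe transport, custom headers cannot be sent at all, so the server could only authenticate the upload by cookie. Confirm that the upload route rejects cookie-only requests, or keep a CSRF check on this one endpoint. The enclosing `UploadUi` function starts and ends outside the hunk.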
@ -16,9 +16,6 @@ var DebugController = Ember.Controller.extend(Ember.Evented, {
|
||||
|
||||
ic.ajax.request(this.get('ghostPaths').apiUrl('db'), {
|
||||
type: 'POST',
|
||||
headers: {
|
||||
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
|
||||
},
|
||||
data: formData,
|
||||
dataType: 'json',
|
||||
cache: false,
|
||||
@ -50,10 +47,7 @@ var DebugController = Ember.Controller.extend(Ember.Evented, {
|
||||
var self = this;
|
||||
|
||||
ic.ajax.request(this.get('ghostPaths').apiUrl('mail', 'test'), {
|
||||
type: 'POST',
|
||||
headers: {
|
||||
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
|
||||
}
|
||||
type: 'POST'
|
||||
}).then(function () {
|
||||
self.notifications.showSuccess('Check your email for the test message:');
|
||||
}).catch(function (response) {
|
||||
|
@ -4,10 +4,7 @@ var DeleteAllController = Ember.Controller.extend({
|
||||
var self = this;
|
||||
|
||||
ic.ajax.request(this.get('ghostPaths').apiUrl('db'), {
|
||||
type: 'DELETE',
|
||||
headers: {
|
||||
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
|
||||
}
|
||||
type: 'DELETE'
|
||||
}).then(function () {
|
||||
self.notifications.showSuccess('All content deleted from database.');
|
||||
}).catch(function (response) {
|
||||
|
@ -23,9 +23,6 @@ var SetupController = Ember.ObjectController.extend(ValidationEngine, {
|
||||
ajax({
|
||||
url: self.get('ghostPaths').adminUrl('setup'),
|
||||
type: 'POST',
|
||||
headers: {
|
||||
'X-CSRF-Token': self.get('csrf')
|
||||
},
|
||||
data: self.getProperties('blogTitle', 'name', 'email', 'password')
|
||||
}).then(function () {
|
||||
self.get('session').authenticate('ember-simple-auth-authenticator:oauth2-password-grant', {
|
||||
|
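Review bot: The POST to `adminUrl('setup')` is sent before any session exists, since `session.authenticate` only runs in the `.then` that follows, so no bearer token can stand in for the removed `'X-CSRF-Token': self.get('csrf')` header. The `adminUrl('signup')` request in the SignupController hunk is in the same position. Both routes therefore have to be treated on the server as unauthenticated, state-changing endpoints with their own guard (for setup, presumably refusing once setup has completed); that guard is not visible in this change and should be verified. A comment such as `// Sent unauthenticated: server must enforce that setup can run only once` above the `ajax` call would record the assumption. The enclosing action begins and ends outside the hunk.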
@ -22,9 +22,6 @@ var SignupController = Ember.ObjectController.extend(ValidationEngine, {
|
||||
ajax({
|
||||
url: self.get('ghostPaths').adminUrl('signup'),
|
||||
type: 'POST',
|
||||
headers: {
|
||||
'X-CSRF-Token': self.get('csrf')
|
||||
},
|
||||
data: self.getProperties('name', 'email', 'password')
|
||||
}).then(function () {
|
||||
self.get('session').authenticate('ember-simple-auth-authenticator:oauth2-password-grant', {
|
||||
|
@ -1,13 +0,0 @@
|
||||
var CSRFTokenInitializer = {
|
||||
name: 'csrf-token',
|
||||
|
||||
initialize: function (container, application) {
|
||||
application.register('csrf:token', $('meta[name="csrf-param"]').attr('content'), { instantiate: false });
|
||||
|
||||
application.inject('route', 'csrf', 'csrf:token');
|
||||
application.inject('model', 'csrf', 'csrf:token');
|
||||
application.inject('controller', 'csrf', 'csrf:token');
|
||||
}
|
||||
};
|
||||
|
||||
export default CSRFTokenInitializer;
|
@ -1,12 +0,0 @@
|
||||
var CSRFInitializer = {
|
||||
name: 'csrf',
|
||||
|
||||
initialize: function (container, application) {
|
||||
application.register('csrf:current', $('meta[name="csrf-param"]').attr('content'), { instantiate: false });
|
||||
|
||||
application.inject('route', 'csrf', 'csrf:current');
|
||||
application.inject('controller', 'csrf', 'csrf:current');
|
||||
}
|
||||
};
|
||||
|
||||
export default CSRFInitializer;
|