Merge pull request #3170 from sebgie/csrf-remove

Remove CSRF from client
This commit is contained in:
Hannah Wolfe 2014-07-01 13:57:49 +01:00
commit df30511778
8 changed files with 2 additions and 48 deletions

View File

@ -5,9 +5,6 @@ import ghostPaths from 'ghost/utils/ghost-paths';
var ApplicationAdapter = DS.RESTAdapter.extend({
host: window.location.origin,
namespace: ghostPaths().apiRoot.slice(1),
headers: {
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
},
findQuery: function (store, type, query) {
var id;

View File

@ -64,9 +64,6 @@ UploadUi = function ($dropzone, settings) {
$dropzone.find('.js-fileupload').fileupload().fileupload('option', {
url: Ghost.subdir + '/ghost/upload/',
headers: {
'X-CSRF-Token': $('meta[name=\'csrf-param\']').attr('content')
},
add: function (e, data) {
/*jshint unused:false*/
$('.js-button-accept').prop('disabled', true);

View File

@ -16,9 +16,6 @@ var DebugController = Ember.Controller.extend(Ember.Evented, {
ic.ajax.request(this.get('ghostPaths').apiUrl('db'), {
type: 'POST',
headers: {
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
},
data: formData,
dataType: 'json',
cache: false,
@ -50,10 +47,7 @@ var DebugController = Ember.Controller.extend(Ember.Evented, {
var self = this;
ic.ajax.request(this.get('ghostPaths').apiUrl('mail', 'test'), {
type: 'POST',
headers: {
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
}
type: 'POST'
}).then(function () {
self.notifications.showSuccess('Check your email for the test message:');
}).catch(function (response) {

View File

@ -4,10 +4,7 @@ var DeleteAllController = Ember.Controller.extend({
var self = this;
ic.ajax.request(this.get('ghostPaths').apiUrl('db'), {
type: 'DELETE',
headers: {
'X-CSRF-Token': $('meta[name="csrf-param"]').attr('content')
}
type: 'DELETE'
}).then(function () {
self.notifications.showSuccess('All content deleted from database.');
}).catch(function (response) {

View File

@ -23,9 +23,6 @@ var SetupController = Ember.ObjectController.extend(ValidationEngine, {
ajax({
url: self.get('ghostPaths').adminUrl('setup'),
type: 'POST',
headers: {
'X-CSRF-Token': self.get('csrf')
},
data: self.getProperties('blogTitle', 'name', 'email', 'password')
}).then(function () {
self.get('session').authenticate('ember-simple-auth-authenticator:oauth2-password-grant', {

View File

@ -22,9 +22,6 @@ var SignupController = Ember.ObjectController.extend(ValidationEngine, {
ajax({
url: self.get('ghostPaths').adminUrl('signup'),
type: 'POST',
headers: {
'X-CSRF-Token': self.get('csrf')
},
data: self.getProperties('name', 'email', 'password')
}).then(function () {
self.get('session').authenticate('ember-simple-auth-authenticator:oauth2-password-grant', {

View File

@ -1,13 +0,0 @@
var CSRFTokenInitializer = {
name: 'csrf-token',
initialize: function (container, application) {
application.register('csrf:token', $('meta[name="csrf-param"]').attr('content'), { instantiate: false });
application.inject('route', 'csrf', 'csrf:token');
application.inject('model', 'csrf', 'csrf:token');
application.inject('controller', 'csrf', 'csrf:token');
}
};
export default CSRFTokenInitializer;

View File

@ -1,12 +0,0 @@
var CSRFInitializer = {
name: 'csrf',
initialize: function (container, application) {
application.register('csrf:current', $('meta[name="csrf-param"]').attr('content'), { instantiate: false });
application.inject('route', 'csrf', 'csrf:current');
application.inject('controller', 'csrf', 'csrf:current');
}
};
export default CSRFInitializer;