web: add fetchApi convenience method

Maximilian Hils 2016-06-02 10:34:16 -07:00
parent 89fc438e32
commit 73e494770f
4 changed files with 18 additions and 12 deletions


@ -87,9 +87,6 @@ class WebState(flow.State):
data=[]
)
def load_flows(self, flows):
super(WebState, self).load_flows(flows)
class Options(object):
attributes = [


@ -390,7 +390,7 @@ class Application(tornado.web.Application):
settings = dict(
template_path=os.path.join(os.path.dirname(__file__), "templates"),
static_path=os.path.join(os.path.dirname(__file__), "static"),
xsrf_cookies=False,
xsrf_cookies=True,
cookie_secret=os.urandom(256),
debug=debug,
wauthenticator=wauthenticator,
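Review bot: `xsrf_cookies=True` carries no comment saying what it covers, and Tornado applies the check only to requests other than GET, HEAD and OPTIONS. Any handler in this application that changes state on GET, and any WebSocket endpoint if one exists, is not protected by this setting and needs its own check (for WebSockets, an origin check). I would add `# XSRF token required on every non-GET/HEAD/OPTIONS request; the web client sends it via fetchApi and the jQuery ajaxPrefilter` above the line. The settings dict starts and ends outside the hunk.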


@ -1,7 +1,6 @@
import $ from "jquery";
import _ from "lodash";
import {AppDispatcher} from "./dispatcher.js";
import {getCookie} from "./utils.js";
import {fetchApi} from "./utils.js";
export var ActionTypes = {
// Connection
@ -122,12 +121,10 @@ export var FlowActions = {
download: () => window.location = "/flows/dump",
upload: (file) => {
var xsrf = $.param({_xsrf: getCookie("_xsrf")});
//console.log(xsrf);
var filereader = new FileReader();
filereader.file = file;
filereader.onload = (e) => {
fetch("/flows/dump?"+xsrf, {
fetchApi("/flows/dump", {
method: 'post',
body: e.currentTarget.result
})
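Review bot: The upload call does not check the response in the visible lines, and `fetch` resolves rather than rejects on an HTTP error status. With `xsrf_cookies` switched on in this commit, a missing or stale token would therefore produce a 403 that the user never sees. The hunk ends at the closing `})`, so a handler may follow; if none does, chain `.then(resp => { if (!resp.ok) throw new Error(resp.statusText); })` and report the failure the way the jQuery `ajaxError` handler in utils.js does.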


@ -76,11 +76,11 @@ export function reverseString(s) {
) + end;
}
export function getCookie(name) {
function getCookie(name) {
var r = document.cookie.match(new RegExp("\\b" + name + "=([^;]*)\\b"));
return r ? r[1] : undefined;
}
var xsrf = $.param({_xsrf: getCookie("_xsrf")});
const xsrf = `_xsrf=${getCookie("_xsrf")}`;
//Tornado XSRF Protection.
$.ajaxPrefilter(function (options) {
@ -102,3 +102,15 @@ $(document).ajaxError(function (event, jqXHR, ajaxSettings, thrownError) {
actions.EventLogActions.add_event(thrownError + ": " + message);
alert(message);
});
export function fetchApi(url, options) {
if(url.indexOf("?") === -1){
url += "?" + xsrf;
} else {
url += "&" + xsrf;
}
return fetch(url, {
...options,
credentials: 'same-origin'
});
}
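Review bot: The `xsrf` constant is read once at module load and interpolated without encoding, so a cookie that is absent at that moment makes every `fetchApi` call send the literal `_xsrf=undefined`, and the encoding that `$.param` applied is lost. Appending the token to the URL also puts it into access logs and browser history; Tornado accepts the same token in the `X-XSRFToken` request header. I would read the cookie inside `fetchApi` on each call and send it as that header, as sketched below, which assumes callers pass `options.headers` as a plain object. The `xsrf` constant appears to still be needed by the `$.ajaxPrefilter` callback, whose body is outside the hunk, so it stays.

```javascript
export function fetchApi(url, options = {}) {
    // Read the cookie per call so a token set or rotated after module load is picked up.
    const token = getCookie("_xsrf");
    return fetch(url, {
        ...options,
        credentials: 'same-origin',
        headers: {
            ...options.headers,
            // Header instead of query string keeps the token out of logs and history.
            ...(token ? {"X-XSRFToken": token} : {})
        }
    });
}
```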