From 1bca75075deaa0922946194173def8e4cf6fb985 Mon Sep 17 00:00:00 2001 From: Parker Berberian Date: Wed, 28 Nov 2018 13:38:45 -0500 Subject: Removed Vanilla Form Submission On google chrome, using vanilla html forms, eg: document.getElementById("Form_id").submit(); does not properly set the CSRF header from the cookies. This results in 403 unauthorized errors in chrome when doing certain things. This is possibly an issue to do with how chrome handles iframes differently from firefox. To fix, we replaced basic forms with serialized XMLHttpRequests, which are more common in this codebase anyway. Change-Id: I93e92cd326c8bba47408b66a95d9d5d806c154f6 Signed-off-by: Parker Berberian --- src/templates/resource/steps/meta_info.html | 8 +++++++- src/templates/resource/steps/pod_definition.html | 1 - 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'src/templates/resource') diff --git a/src/templates/resource/steps/meta_info.html b/src/templates/resource/steps/meta_info.html index 389ff6d..b458842 100644 --- a/src/templates/resource/steps/meta_info.html +++ b/src/templates/resource/steps/meta_info.html @@ -14,5 +14,11 @@ {% endblock content %} {% block onleave %} -document.getElementById("resource_meta_form").submit(); +var ajaxForm = $("#resource_meta_form"); +var formData = ajaxForm.serialize(); +req = new XMLHttpRequest(); +req.open("POST", "/wf/workflow/", false); +req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); +req.onerror = function() { alert("problem submitting form"); } +req.send(formData); {% endblock %} diff --git a/src/templates/resource/steps/pod_definition.html b/src/templates/resource/steps/pod_definition.html index ab9dfb3..b2b4998 100644 --- a/src/templates/resource/steps/pod_definition.html +++ b/src/templates/resource/steps/pod_definition.html @@ -596,7 +596,6 @@ function submitForm() { var input_elem = document.getElementById("hidden_xml_input"); var s = encodeGraph(currentGraph); input_elem.value = s; - //form.submit(); req = new XMLHttpRequest(); req.open("POST", "/wf/workflow/", false); req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); -- cgit 1.2.3-korg