diff options
| author |   Parker Berberian <pberberian@iol.unh.edu> | 2018-11-28 13:38:45 -0500 |
|---|---|---|
| committer | Parker Berberian <pberberian@iol.unh.edu> | 2018-11-28 13:38:45 -0500 |
| commit | d7e2fc7062a761e62335073bec6306c78f1471cc (patch) | |
| tree | 2c92850b2c8d3103e93565e70ee439f610fb1b3e /dashboard/src/templates/workflow/confirm.html | |
| parent | b02aa2535c7b7beacbc2d7d24d8522fa596afeee (diff) | |
Removed Vanilla Form Submission
On google chrome, using vanilla html forms, eg:
document.getElementById("Form_id").submit();
does not properly set the CSRF header from the cookies.
This results in 403 unauthorized errors in chrome when doing certain things.
This is possibly an issue to do with how chrome handles iframes differently from firefox.
To fix, we replaced basic forms with serialized XMLHttpRequests,
which are more common in this codebase anyway.
Change-Id: I93e92cd326c8bba47408b66a95d9d5d806c154f6
Signed-off-by: Parker Berberian <pberberian@iol.unh.edu>
Diffstat (limited to 'dashboard/src/templates/workflow/confirm.html')
| -rw-r--r-- | dashboard/src/templates/workflow/confirm.html | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/dashboard/src/templates/workflow/confirm.html b/dashboard/src/templates/workflow/confirm.html index 555fa56..4f2616e 100644 --- a/dashboard/src/templates/workflow/confirm.html +++ b/dashboard/src/templates/workflow/confirm.html @@ -70,15 +70,28 @@ req.send(formData); } + function submitForm() + { + var form = $("#confirmation_form"); + var formData = form.serialize(); + var req = new XMLHttpRequest(); + req.open("POST", "/wf/workflow/", false); + req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); + req.onerror = function() { alert("problem submitting confirmation"); } + req.onreadystatechange = function() { if(req.readyState === 4 ) { delete_manager(); } } + req.send(formData); + } + + function formconfirm() { select.value = "True"; - document.getElementById("confirmation_form").submit(); + submitForm(); } function formcancel() { select.value = "False"; - document.getElementById("confirmation_form").submit(); + submitForm(); } var confirmed = {{bypassed|default:"false"}}; @@ -91,7 +104,20 @@ function fixVlans() { document.getElementById("vlan_input").value = "True"; - document.getElementById("vlan_form").submit(); + var form = $("#vlan_form"); + var formData = form.serialize(); + var req = new XMLHttpRequest(); + req.open("POST", "/wf/workflow/", false); + req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); + req.onerror = function() { alert("problem submitting form"); } + req.onreadystatechange = function() { //replaces current page with response + if(req.readyState === 4 ) { + document.open(); + document.write(req.responseText); + document.close(); + } + } + req.send(formData); } var problem = {{vlan_warning|default:'false'}}; if(problem){ @@ -121,5 +147,4 @@ if(problem){ {% endblock element_messages %} {% endblock content %} {% block onleave %} -//document.getElementById("confirmation_form").submit(); {% endblock %} |