Re: [PATCH 1 of 2] follow: Fix args for $.post() call in toggleFollowingRepo()
On 2/8/20 9:21 PM, Ross Thomas wrote:
> On 2/8/20 6:05 AM, Mads Kiilerich wrote:
>> Thanks. I do agree this is better. But is it fixing an actual problem?
>> The old manual encoding seems to work fine too?
>
> Yep, it worked but it was mostly fortunate 'luck'. It ended up using matrix mode instead of true query params.

Interesting. I had never heard about "matrix mode". https://www.w3.org/DesignIssues/MatrixURIs.html . That idea was stillborn.

Quite unfortunate that urllib.parse implements it without any documentation or code comments. I guess that will bite some users, and perhaps in some cases cause security issues in some applications.

Thanks for the patch.

/Mads

___
kallithea-general mailing list
kallithea-general@sfconservancy.org
https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
Re: [PATCH 1 of 2] follow: Fix args for $.post() call in toggleFollowingRepo()
On 2/8/20 6:05 AM, Mads Kiilerich wrote:
> Thanks. I do agree this is better. But is it fixing an actual problem?
> The old manual encoding seems to work fine too?

Yep, it worked but it was mostly fortunate 'luck'. It ended up using matrix mode instead of true query params. The resulting query string was _literally_:

    ?follows_repository_id=xxx&amp;_session_csrf_secret_token=yyy

which was then processed as:

    param: follows_repository_id = xxx
    param: amp =
    matrix: _session_csrf_secret_token = yyy

If you look at the network call in the browser's dev tools you'll see that the request payload consists of two items:

    param: follows_repository_id = xxx
    param: amp;_session_csrf_secret_token = yyy

So, yes, it will continue to work. This just seemed cleaner.

Ross.
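The parsing difference discussed in this message, as an added example that is not part of the original e-mails or Kallithea's code: the same hand-built body is read by a strict form parser and by a lenient one that also splits on `;`. The values `xxx`/`yyy`, the function names and the lenient parser are constructed for illustration.

```javascript
// Added example, not Kallithea code. All values are constructed placeholders.

// Body shaped like the request payload described in the thread: a literal
// "&amp;" sits between the two hand-concatenated fields, nothing is encoded.
function legacyBody(id, token) {
  return 'follows_repository_id=' + id +
         '&amp;_session_csrf_secret_token=' + token;
}

// Body built from name/value pairs. URLSearchParams percent-encodes each
// name and value, comparable in effect to passing an object to $.post().
function objectBody(id, token) {
  return new URLSearchParams({
    follows_repository_id: id,
    _session_csrf_secret_token: token,
  }).toString();
}

// Strict form parser: only "&" separates pairs.
function parseStrict(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Hypothetical lenient parser: ";" is accepted as a separator as well,
// the behaviour the thread attributes to urllib.parse.
function parseLenient(body) {
  const decode = (s) => decodeURIComponent(s.replace(/\+/g, ' '));
  const out = {};
  for (const pair of body.split(/[&;]/)) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    out[decode(name)] = decode(value);
  }
  return out;
}

// Does the server-side view of the request contain the CSRF field at all?
function hasToken(parsed) {
  return Object.prototype.hasOwnProperty.call(parsed, '_session_csrf_secret_token');
}

console.log(parseStrict(legacyBody('xxx', 'yyy')));   // token under "amp;..." name
console.log(parseLenient(legacyBody('xxx', 'yyy')));  // stray "amp" plus the token
console.log(parseStrict(objectBody('xxx', 'a&b=c'))); // token survives intact
```

Only the lenient parser finds the token in the hand-built body, so the old request depended on the server's parser accepting `;`; the pair-built body parses the same way under both.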
Re: [PATCH 1 of 2] follow: Fix args for $.post() call in toggleFollowingRepo()
On 2/8/20 2:06 AM, Ross Thomas wrote:
> # HG changeset patch
> # User Ross Thomas
> # Date 1581112527 28800
> # Fri Feb 07 13:55:27 2020 -0800
> # Branch stable
> # Node ID f273a7b53fe035c12a55b6a3e34f849af245d797
> # Parent 2571674c4a2fd6247a6dee7d9b4e27df13df1429
> follow: Fix args for $.post() call in toggleFollowingRepo()

Thanks. I do agree this is better. But is it fixing an actual problem? The old manual encoding seems to work fine too?

/Mads

diff -r 2571674c4a2f -r f273a7b53fe0 kallithea/public/js/base.js --- a/kallithea/public/js/base.js Mon Feb 03 20:50:07 2020 +0100 +++ b/kallithea/public/js/base.js Fri Feb 07 13:55:27 2020 -0800 @@ -457,8 +457,10 @@ } var toggleFollowingRepo = function(target, follows_repository_id){ -var args = 'follows_repository_id=' + follows_repository_id; -args += '_session_csrf_secret_token=' + _session_csrf_secret_token; +var args = { +'follows_repository_id': follows_repository_id, +'_session_csrf_secret_token': _session_csrf_secret_token +} $.post(TOGGLE_FOLLOW_URL, args, function(data){ _onSuccessFollow(target); });
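Review bot: in toggleFollowingRepo() the new `var args = { ... }` statement closes with a bare `}` and no semicolon before the `$.post(...)` line, while the other statements in the hunk end with `;`. Automatic semicolon insertion covers it here, but `};` would keep the style consistent. The commit message is only the subject line; a sentence noting that the removed lines concatenated both values into the body by hand with no encoding, and that passing an object leaves serialization to $.post(), would record why the change was made.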