plonetrick.csrfworkarounds
Project description
Links:
How it works
This package contains workarounds for legacy code that contains bugs that appear evident after applying the plone4.csrffixes patch.
Usage
Add plonetrick.csrfworkarounds to the list of eggs in your buildout, run buildout and restart Plone.
Disable plone CSRF check in page templates
One of the canonical way to disable the CSRF protection is using this code snippet:
alsoProvides( self.request, IDisableCSRFProtection, )
This solution is better than the workaround provided by this package. The workaround consist in customizing the template adding a call to here/disable_csrf_protection/disable, e.g.:
<metal:slot fill-slot="top_slot" tal:define="dummy here/@@disable_csrf_protection/disable" />
Disable plone CSRF transform when getting TinyMCE configuration
See:
There is no easy fix with this, so I added the workaround view tinymce-jsonconfiguration-csrf-free that wraps the original one adding the requested header.
Example usage:
jQuery.ajax({
url: portal_url + '/@@tinymce-jsonconfiguration-csrf-free?field=' + encodeURI(element.attr('name')),
success: function(data) {
element.attr({'data-mce-config': data});
element.addClass('mce_editable');
element.addClass('pat-tinymce');
window.initTinyMCE(element.parent(), {});
}
});
- orphan:
Changelog
0.9.0 (2015-11-25)
Initial release. [ale-rt]
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for plonetrick.csrfworkarounds-0.9.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 00512448872d15b9894466a161131c8acdc50437726f20c0edfb7bc8767ee45e |
|
MD5 | 5ddd001b72449fbf982f9afbf8d3c3e8 |
|
BLAKE2b-256 | d073cadf232adb326e3266aa2d27318b24732e6cb1285878301e1a1b6e129e3d |