Submit csrf token with the request for server side preview.

#1 Declined
  1. Tuk Bredsdorff

Django was returning a 503 error when it received the post to the preview url.

Comments (14)

  1. Ahmad Khayyat repo owner

    I'd really like to get to the bottom of this. On a clean-history browser, I still don't get any errors without this patch. In fact, django-debug-toolbar shows the csrftoken cookie variable in the Request Vars section, and the dev server keeps saying:

    ... "POST /pagedown/preview/ HTTP/1.1" 200 ...

    Can you publish a small test repository (perhaps a mezzanine demo site) in which this patch is required?

  2. Tuk Bredsdorff author

    Sure, I've PM'ed you the URL. But actually the pagedown code never gets that far because of #11 so now you get a chance to meet that one in person as well. Unless your browser is radically different than mine ;) .

    So check that one out if you don't mind, and I will work around it afterwards so we can proceed with this one.

  3. Ahmad Khayyat repo owner

    I am not sure whether you got my message. The URL you sent is for a live site. I'd need a source repository to be able to debug the issues and see the error traces.

  4. Ahmad Khayyat repo owner

    Now that issues #11 and #12 are resolved, I can see the problem this pull request is solving.

    One question: why are you skipping the same-domain test in line 49 of the editor.html file?

  5. Ahmad Khayyat repo owner

    Thanks Tuk. This looks good. Would it be too much trouble to clean up the pull request: rebase it on current tip and collapse it into a single changeset?

    (At least to get rid of the merge in the pull request.)

  6. Ahmad Khayyat repo owner

    Tuk, to clean up the pull request, you can graft the non-merge commits in this pull request onto the tip of my repo, then fold/squash them into one commit using the histedit extension. I'd do it myself, but then the resulting commit would be authored by me.