PANmedia / raptor-editor

Raptor, an HTML5 WYSIWYG content editor!
www.raptor-editor.com
GNU General Public License v3.0

CSRF token #153

Closed pyprism closed 10 years ago

pyprism commented 10 years ago

How to send CSRF token from raptor editor?

Petah commented 10 years ago

Are you using the JSON or Rest save plugin?

pyprism commented 10 years ago

JSON

Petah commented 10 years ago

I had to make a few tweaks to the save plugin to allow more data customisation, but I have made a working example here: https://github.com/PANmedia/raptor-example/blob/master/examples/csrf/example.php https://github.com/PANmedia/raptor-example/blob/master/classes/Raptor/CSRF/Example.php

https://github.com/PANmedia/raptor-editor/commit/aa660c46004cdd494dcccac42833e915c6f4b954

pyprism commented 10 years ago

Thanks. But one thing I can't understand... I am following https://www.raptor-editor.com/documentation/tutorials/basic-saving. Here is my code:

$(function() {
    $('.raptor-editable').raptor({
        plugins: {
            // Define which save plugin to use. May be saveJson or saveRest
            save: {
                plugin: 'saveJson'
            },
            // Provide options for the saveJson plugin
            saveJson: {
                // The URL to which Raptor data will be POSTed
                url: 'http://localhost:8000/users/editor',
                // The parameter name for the posted data
                postName: 'raptor-content',
                // A string or function that returns the identifier for the Raptor instance being saved
                id: function () {
                    return this.raptor.getElement().data('id');
                }
            }
        }
    });
});

In this code, where should I add the csrf variable?

Petah commented 10 years ago

As per https://github.com/PANmedia/raptor-example/blob/master/examples/csrf/example.php

var csrf = /* generate CSRF token here */;
$(function() {
    $('.raptor-editable').raptor({
        plugins: {
            // Define which save plugin to use. May be saveJson or saveRest
            save: {
                plugin: 'saveJson'
            },
            // Provide options for the saveJson plugin
            saveJson: {
                // The URL to which Raptor data will be POSTed
                url: 'http://localhost:8000/users/editor',
                // The parameter name for the posted data
                postName: 'raptor-content',
                // A string or function that returns the identifier for the Raptor instance being saved
                id: function () {
                    return this.raptor.getElement().data('id');
                },
                post: function(data) {
                    data.csrf = csrf;
                    return data;
                }
            }
        },
        bind: {
            saved: function(data, status, xhr) {
                csrf = data.csrf;
            },
            saveFailed: function(data, status, xhr) {
                csrf = data.csrf;
            }
        }
    });
});

Note: you need to regenerate a new CSRF token every time you save.

pyprism commented 10 years ago

Thank you so much :smile: