Closed obfuscurity closed 10 years ago
The above seems like a reasonable compromise. The benefits for ripping out that convenient bit of AJAX seem to far outweight the potential negatives, particularly when we can just alert and ask the user to reload (and presumably, re-auth).
Because we're using just basic auth and not managing any tokens, there's no simple way to pass XHR with explicit credentials. Therefore, if your session expires or I happen to restart the backend service, you could theoretically click the "Save Review" button and have nothing obvious happen.
We should probably just jettison the AJAX stuff (since it's only used for this one thing anyways) and use a proper HTML form.