fix csrf

Author: kirkhess

index.html

@@ -113,5 +113,9 @@
           <p>This is a development view of the Bibliographic Framework Initiative project's editor. For more information, go to  <a href="http://www.loc.gov/bibframe/">www.loc.gov/bibframe</a>.</p>
     </div>
    </footer>
+  <script type="text/javascript">
+  var bfeditor = bfe.fulleditor(config, "bfeditor");
+  </script>
+
   </body>
 </html>

src/bfe.js

@@ -537,7 +537,7 @@ bfe.define('src/bfe', ['require', 'exports', 'src/bfestore', 'src/bfelogging', '
 
                 $(td).find('#bfeditor-deleteConfirmButton' + rowData.id).click(function () {
                   if (editorconfig.deleteId.callback !== undefined) {
-                    editorconfig.deleteId.callback(rowData.id, editorconfig.getCSRF.callback(), bfelog);
+                    editorconfig.deleteId.callback(rowData.id, bfelog);
                     //var table = $('#table_id').DataTable();
                     // table.row($(this).parents('tr')).remove().draw();
                     bfestore.store = [];
@@ -1225,7 +1225,7 @@ bfe.define('src/bfe', ['require', 'exports', 'src/bfestore', 'src/bfelogging', '
                 save_json.addedproperties = addedProperties;
 
                 if (_.some(bfeditor.bfestore.store, {'p': 'http://id.loc.gov/ontologies/bibframe/mainTitle'})) {
-                  editorconfig.save.callback(save_json, editorconfig.getCSRF.callback(), bfelog, function (save, save_name) {
+                  editorconfig.save.callback(save_json, bfelog, function (save, save_name) {
                     bfelog.addMsg(new Error(), 'INFO', 'Saved: ' + save_name);
                   });
                 } else {

static/js/config.js

@@ -17,35 +17,7 @@ var ie = (function(){
     document.body.scrollTop = document.documentElement.scrollTop = 0;
   }
 
-  function csrfSafeMethod(method) {
-    // these HTTP methods do not require CSRF protection
-    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
-  }
-  
-  function getCSRF(){
-    //eventually you'll have to login       
-    var cookieValue = null;
-    if (document.cookie && document.cookie != '') {
-      var cookies = document.cookie.split(';');
-      for (var i = 0; i < cookies.length; i++) {
-        var cookie = jQuery.trim(cookies[i]);
-        var name = "csrftoken";
-        if (cookie.substring(0, name.length + 1) == (name + '=')) {
-          cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
-          break;
-        }
-      }
-    }       
-    return cookieValue;            
-  }
-  
-  function setCSRF(xhr, settings, csrf) {
-    if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
-      xhr.setRequestHeader("X-CSRFToken", csrf);
-    }
-  }
-  
-  function save(data, csrf, bfelog, callback){
+  function save(data, bfelog, callback){
     var $messagediv = $('<div>', {id: "bfeditor-messagediv", class:"col-md-10 main"});
 
     var url = config.url + "/verso/api/bfs/upsertWithWhere?where=%7B%22name%22%3A%20%22"+data.name+"%22%7D";
@@ -54,7 +26,6 @@ var ie = (function(){
       url: url,
       type: "POST",
       data:JSON.stringify(data),
-      csrf: csrf,
       dataType: "json",
       contentType: "application/json; charset=utf-8"
     }).done(function (data) {
@@ -212,18 +183,13 @@ var ie = (function(){
   }
 
 
-  function deleteId(id, csrf, bfelog){
+  function deleteId(id, bfelog){
     var url = config.url + "/verso/api/bfs/" + id;
 
-    //$.ajaxSetup({
-    //    beforeSend: function(xhr, settings){getCSRF(xhr, settings, csrf);}
-    //});
-  
     $.ajax({
       type: "DELETE",                
       url: url,
       dataType: "json",
-      csrf: csrf,
       success: function (data) {
         bfelog.addMsg(new Error(), "INFO", "Deleted " + id);
       },
@@ -464,25 +430,9 @@ var ie = (function(){
     "deleteId": {
       "callback": deleteId
     },            
-    "getCSRF":{
-      "callback": getCSRF
-    },
-    /*            "load": [
-                  {
-                  "templateID": ["profile:bf:Work:Monograph", "profile:bf:Instance:Monograph", "profile:bf:Annotation:AdminMeta"],
-                  "defaulturi": "http://id.loc.gov/resources/bibs/5226",
-                  "_remark": "Source must be JSONLD expanded, so only jsonp and json are possible requestTypes",
-                  "source": {
-                  "location": "http://id.loc.gov/resources/bibs/5226.bibframe_raw.jsonp",
-                  "requestType": "jsonp",
-                  "data": "UNUSED, BUT REMEMBER IT"
-                  }
-                  }
-                  ],*/
     "return": {
       "format": "jsonld-expanded",
       "callback": myCB
     }
   }
-  var bfeditor = bfe.fulleditor(config, "bfeditor");