author | Tim-Hinnerk Heuer <tim@innocraft.com> | 2021-08-13 11:21:57 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-13 11:21:57 +0300 |
commit | 397badec453c021473baaf5f6c84211536c7f71e (patch) | |
tree | 9d62b08fc28ebb251ad09546ed487816fecaba5c /plugins/CoreHome | |
parent | 9d436c49ec32c9529bf3009bca46f0ed18a1c3d9 (diff) |
add token_auth to overlay requests where necessary (#17851)
* add token_auth to overlay requests where necessary #17640
* ensure all links on overlay page work as expected both, with token_auth and when logged in #17640
* DRY force_api_session=1 and token_auth parameters in broadcast.js and correct in other code for convenience #17640
* polish logic for overlay with token_auth and change minimal logic in client side while validating token_auth in View::shouldPropagateTokenAuthInAjaxRequests() #17640
* use 'string' as string parameter #17640
* simplify token_auth check #17640
* revert git submodule to 4.x-dev version #17640
* return $tokenAuth string (truthy) only, simplify condition, ensure & is prepended to token_auth url param #17640
* revert submodule change
* Update core/View.php
Co-authored-by: Stefan Giehl <stefan@matomo.org>
Co-authored-by: sgiehl <stefan@matomo.org>
Diffstat (limited to 'plugins/CoreHome')
4 files changed, 6 insertions, 3 deletions
diff --git a/plugins/CoreHome/angularjs/common/services/piwik-api.js b/plugins/CoreHome/angularjs/common/services/piwik-api.js
index 53edc3f292..b9a8a9fb2f 100644
--- a/plugins/CoreHome/angularjs/common/services/piwik-api.js
+++ b/plugins/CoreHome/angularjs/common/services/piwik-api.js
@@ -338,7 +338,7 @@ var hasBlockedContent = false;
 }
 return {
- withTokenInUrl: withTokenInUrl,
+ withTokenInUrl: withTokenInUrl, // technically should probably be called withTokenInPost
 bulkFetch: bulkFetch,
 post: post,
 fetch: fetch,
diff --git a/plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js b/plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js
index b1c0c3a11d..4614f01bbf 100644
--- a/plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js
+++ b/plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js
@@ -114,7 +114,10 @@
 }
 if (piwik.shouldPropagateTokenAuth && broadcast.getValueFromUrl('token_auth')) {
- url += '&force_api_session=1&token_auth=' + broadcast.getValueFromUrl('token_auth');
+ if (!piwik.broadcast.isWidgetizeRequestWithoutSession()) {
+ url += '&force_api_session=1';
+ }
+ url += '&token_auth=' + encodeURIComponent(broadcast.getValueFromUrl('token_auth'));
 }
 url += '&random=' + parseInt(Math.random() * 10000);
diff --git a/plugins/CoreHome/javascripts/broadcast.js b/plugins/CoreHome/javascripts/broadcast.js
index badabd0811..7fc0b848d5 100644
--- a/plugins/CoreHome/javascripts/broadcast.js
+++ b/plugins/CoreHome/javascripts/broadcast.js
@@ -176,7 +176,6 @@ var broadcast = {
 }
 }
 },
- isWidgetizedDashboard: function() {
 return broadcast.getValueFromUrl('module') == 'Widgetize' && broadcast.getValueFromUrl('moduleToWidgetize') == 'Dashboard';
 },
diff --git a/plugins/CoreHome/javascripts/dataTable_rowactions.js b/plugins/CoreHome/javascripts/dataTable_rowactions.js
index 3481e28b7b..5283944e32 100644
--- a/plugins/CoreHome/javascripts/dataTable_rowactions.js
+++ b/plugins/CoreHome/javascripts/dataTable_rowactions.js
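Review bot: In widgetloader.directive.js the token is still appended to the query string of the widget URL, so it can end up in web-server and proxy access logs and in browser history; the added `encodeURIComponent` fixes the encoding but not that exposure. If the request built from `url` can carry the token in a POST body instead (which the comment added to piwik-api.js in this commit hints is what `withTokenInUrl` actually does), that would be preferable; otherwise a comment above the line such as `// token_auth travels in the query string here; use a least-privilege token` would record the trade-off. The value is also read twice and the condition mixes `broadcast` with `piwik.broadcast`; a local `var tokenAuth = broadcast.getValueFromUrl('token_auth');` used for both the test and the concatenation would tidy that up. The enclosing function starts and ends outside the hunk, so how `url` is finally sent is not visible here.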
@@ -474,6 +474,7 @@ DataTable_RowActions_RowEvolution.prototype.showRowEvolution = function (apiMeth
 var ajaxRequest = new ajaxHelper();
 ajaxRequest.addParams(requestParams, 'get');
+ ajaxRequest.withTokenInUrl();
 ajaxRequest.setCallback(callback);
 ajaxRequest.setFormat('html');
 ajaxRequest.send(); |
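Review bot: The added `ajaxRequest.withTokenInUrl();` call in showRowEvolution carries no comment saying why this request needs the token or where the token is sent, and the comment this commit adds in piwik-api.js concedes that the similarly named method there "should probably be called withTokenInPost". A one-line comment would help the next reader, for example `// propagate token_auth from the page URL so row evolution also works for overlay requests without a session`. Because the parameters on the preceding line are added with 'get', it is worth confirming that ajaxHelper does not put the token into the GET URL, where it would be logged. The function body continues outside the hunk.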