From 5b82ed62dc21d8dc922dcafb5aa5e15ce4fcc142 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 14 Mar 2013 04:32:21 -0400
Subject: [PATCH] Better handling of session errors in ajax requests - do page reload on 403 Forbidden response (#1488960)

---
 program/js/app.js |   32 ++++++++++++++++++++++++++------
 1 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/program/js/app.js b/program/js/app.js
index 13f1378..329bd77 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -3038,10 +3038,10 @@
       input_message = $("[name='_message']").get(0),
       html_mode = $("input[name='_is_html']").val() == '1',
       ac_fields = ['cc', 'bcc', 'replyto', 'followupto'],
-      ac_props;
+      ac_props, opener_rc = this.opener();
 
     // close compose step in opener
-    if (window.opener && !window.opener.closed && opener.rcmail && opener.rcmail.env.action == 'compose') {
+    if (opener_rc && opener_rc.env.action == 'compose') {
       setTimeout(function(){ opener.history.back(); }, 100);
       this.env.opened_extwin = true;
     }
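Review bot: The guarded accessor `this.opener()` is used for the check on the `if` line, but the timer callback two lines below still dereferences the raw `opener.history.back()` outside any try/catch, so the permission-denied error the helper exists to swallow can still surface from the timer if the opener navigates elsewhere in the 100 ms before it fires. The condition also relies on `opener_rc.env` being set on the opener's rcmail object, which is plausible but not visible here. Consider re-checking the opener inside the callback, e.g. `setTimeout(function(){ if (ref.opener()) opener.history.back(); }, 100);`, assuming `ref` is the instance alias the file uses in other callbacks. The enclosing function starts before this hunk.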
@@ -3720,9 +3720,10 @@
     this.display_message(msg, type);
 
     if (this.env.extwin) {
+      var opener_rc = this.opener();
       this.lock_form(this.gui_objects.messageform);
-      if (window.opener && !window.opener.closed && opener.rcmail)
-        opener.rcmail.display_message(msg, type);
+      if (opener_rc)
+        opener_rc.display_message(msg, type);
       setTimeout(function(){ window.close() }, 1000);
     }
     else {
@@ -4290,7 +4291,7 @@
         this.group_member_change('add', cid, dest, to.id);
       else {
         var lock = this.display_message(this.get_label('copyingcontact'), 'loading'),
-          post_data = {_cid: cid, _source: source, _to: dest, _togid: to.id, _gid: group};
+          post_data = {_cid: cid, _source: this.env.source, _to: dest, _togid: to.id, _gid: group};
 
         this.http_post('copy', post_data, lock);
       }
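Review bot: The payload now sends `this.env.source` while the surrounding logic still uses the local `source` — in the next hunk the branch is entered on `to.id != source` but posts `_source: this.env.source`. If the two can differ (the local presumably comes from the drag-and-drop event), the comparison and the request disagree and a contact could be copied from a different addressbook than the one that was checked; if they are always equal, the remaining `source` comparisons should use `this.env.source` too so the intent is explicit. The enclosing function starts before this hunk, so where `source` is assigned is not visible here.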
@@ -4298,7 +4299,7 @@
     // target is an addressbook
     else if (to.id != source) {
       var lock = this.display_message(this.get_label('copyingcontact'), 'loading'),
-        post_data = {_cid: cid, _source: source, _to: to.id, _gid: group};
+        post_data = {_cid: cid, _source: this.env.source, _to: to.id, _gid: group};
 
       this.http_post('copy', post_data, lock);
     }
@@ -6349,6 +6350,14 @@
     if (location_url && this.env.action != 'compose')  // don't redirect on compose screen, contents might get lost (#1488926)
       this.redirect(location_url);
 
+    // 403 Forbidden response (CSRF prevention) - reload the page.
+    // In case there's a new valid session it will be used, otherwise
+    // login form will be presented (#1488960).
+    if (request.status == 403) {
+      (this.is_framed() ? parent : window).location.reload();
+      return;
+    }
+
     // re-send keep-alive requests after 30 seconds
     if (action == 'keep-alive')
       setTimeout(function(){ ref.keep_alive(); ref.start_keepalive(); }, 30000);
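Review bot: The new 403 branch reloads the page unconditionally, while the redirect just above it is deliberately skipped on the compose screen (#1488926) so that message contents are not lost; a 403 received while composing now discards the draft without any message to the user. It is also placed after `this.redirect(location_url)` rather than before it, so a response carrying both a redirect and a 403 status would trigger two navigations. I would move the status check above the redirect and state the compose trade-off in the comment, e.g. `// Note: unlike the redirect above this also fires on the compose screen; unsaved contents are lost, which is accepted here because the session is gone.` if that is the intended decision. The enclosing handler starts before this hunk.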
@@ -6601,6 +6610,17 @@
   /*********            helper methods            *********/
   /********************************************************/
 
+  // get window.opener.rcmail if available
+  this.opener = function()
+  {
+    // catch Error: Permission denied to access property rcmail
+    try {
+      if (window.opener && !opener.closed && opener.rcmail)
+        return opener.rcmail;
+    }
+    catch (e) {}
+  };
+
   // check if we're in show mode or if we have a unique selection
   // and return the message uid
   this.get_single_uid = function()
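Review bot: The header comment on `this.opener` undersells its contract: it returns `undefined` implicitly in three distinct cases (no opener, opener closed, opener without `rcmail`) and the empty `catch (e) {}` swallows every exception, not only the cross-origin permission error named in the inline comment. A one-line contract comment would help callers that branch on the result, e.g. `// Returns the opener window's rcmail instance, or undefined when there is no opener, it is closed, it exposes no rcmail, or it is cross-origin (the property access throws and is swallowed).` The condition also mixes `window.opener` and the bare global `opener`; using one form consistently, `if (window.opener && !window.opener.closed && window.opener.rcmail)`, reads clearer and matches the line this helper replaces elsewhere in the patch.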

--
Gitblit v1.9.1