XSS error when trying to delete project #5

Open
derekeder opened this issue Sep 21, 2013 · 3 comments
@derekeder
Member

Trying to delete deprecated app:

$.post('http://civic-json-app.herokuapp.com/delete-project/', {'project_url': "https://github.com/smartchicago/chicago-health-atlas"}, function(resp){ console.log(resp); });

Getting an XSS error

@evz
Contributor

evz commented Sep 21, 2013

Whoops, heh, well, there are actually two things going on there. If you look at that route in the flask app, you'll see that it's missing the cross-domain decorator. The other thing is that you need a super secret key in order to actually delete stuff. Let's talk a bit offline about how to implement this, just so we don't get some joker in there deleting junk all willy-nilly.
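
An added example, not code from this project or thread: a sketch of the two fixes evz describes (cross-domain headers on the delete route and a secret key for deletion), written as a plain WSGI callable so it runs without Flask. The origin allowlist, the `X-Delete-Key` header name, the key value and the sample project URL are assumptions made for illustration.

```python
import hmac
import io
import json
from urllib.parse import parse_qs, urlencode

# Constructed values for this example; none come from the project.
ALLOWED_ORIGINS = {"https://admin.example.org"}
DELETE_KEY = "constructed-example-key"  # load from the environment in practice
PROJECTS = {"https://github.com/example/sample-project"}  # stand-in data store

def app(environ, start_response):
    """WSGI handler for POST /delete-project/: CORS allowlist plus key check."""
    origin = environ.get("HTTP_ORIGIN", "")
    headers = [("Vary", "Origin")]
    if origin in ALLOWED_ORIGINS:  # never echo back an arbitrary Origin
        headers += [("Access-Control-Allow-Origin", origin),
                    ("Access-Control-Allow-Methods", "POST, OPTIONS"),
                    ("Access-Control-Allow-Headers", "X-Delete-Key")]

    def reply(status, body):
        start_response(status, headers + [("Content-Type", "application/json")])
        return [json.dumps(body).encode()]

    if environ["REQUEST_METHOD"] == "OPTIONS":  # preflight caused by the custom header
        start_response("204 No Content", headers)
        return [b""]
    if environ["REQUEST_METHOD"] != "POST":
        return reply("405 Method Not Allowed", {"error": "POST only"})
    supplied = environ.get("HTTP_X_DELETE_KEY", "")
    # Constant-time comparison, done before the request body is even read.
    if not hmac.compare_digest(supplied.encode(), DELETE_KEY.encode()):
        return reply("401 Unauthorized", {"error": "bad or missing key"})
    length = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(length).decode())
    url = form.get("project_url", [""])[0]
    if url not in PROJECTS:
        return reply("404 Not Found", {"error": "unknown project"})
    PROJECTS.discard(url)
    return reply("200 OK", {"deleted": url})

def call(method, origin="", key=None, project_url=""):
    """Drive app() with a constructed request; return (status, headers, body)."""
    body = urlencode({"project_url": project_url}).encode()
    environ = {"REQUEST_METHOD": method, "HTTP_ORIGIN": origin,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    if key is not None:
        environ["HTTP_X_DELETE_KEY"] = key
    seen = {}
    chunks = app(environ, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"], b"".join(chunks)
```

The allowlist only controls which pages a browser lets read the response; the key check is what actually stops the deletion. A key embedded in page JavaScript is readable by anyone who loads that page, so it belongs in an operator-only tool rather than a public front end.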

@evz evz mentioned this issue Sep 21, 2013
@derekeder
Member Author

🃏 + 〰️ = ‼️

@evz
Contributor

evz commented Sep 22, 2013

Um, yes?
