Item13213: fixed nonce recycling in save+continue

... as Foswiki > 1.2.0 now sends a new X-Foswiki-Nonce by it self as part of every REST respons. Is that really required?
foswiki · Jan 14, 2015 · 70061ba · 70061ba
1 parent 345c6f0
commit 70061ba
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 12 deletions.
diff --git a/NatEditPlugin/lib/Foswiki/Plugins/NatEditPlugin.pm b/NatEditPlugin/lib/Foswiki/Plugins/NatEditPlugin.pm
@@ -30,8 +30,8 @@ BEGIN {
     }
 }
 
-our $VERSION           = '9.00';
-our $RELEASE           = '16 Dec 2014';
+our $VERSION           = '9.01';
+our $RELEASE           = '14 Jan 2015';
 our $NO_PREFS_IN_TOPIC = 1;
 our $SHORTDESCRIPTION  = 'A Wikiwyg Editor';
 our $baseWeb;

diff --git a/NatEditPlugin/lib/Foswiki/Plugins/NatEditPlugin/RestSave.pm b/NatEditPlugin/lib/Foswiki/Plugins/NatEditPlugin/RestSave.pm
@@ -67,12 +67,18 @@ sub handle {
     $response->deleteHeader( "Location", "Status" );
     $response->pushHeader( "Status", $status );
 
-    # add validation key to HTTP header
-    my $cgis = $session->getCGISession();
-    my $context = $request->url( -full => 1, -path => 1, -query => 1 ) . time();
-    my $usingStrikeOne = $Foswiki::cfg{Validation}{Method} eq 'strikeone';
-    $response->pushHeader( 'X-Foswiki-Validation',
-        _generateValidationKey( $cgis, $context, $usingStrikeOne ) );
+    # add validation key to HTTP header, if required
+    unless ( $response->getHeader('X-Foswiki-Validation') ) {
+
+        my $cgis = $session->getCGISession();
+        my $context =
+          $request->url( -full => 1, -path => 1, -query => 1 ) . time();
+
+        my $usingStrikeOne = $Foswiki::cfg{Validation}{Method} eq 'strikeone';
+
+        $response->pushHeader( 'X-Foswiki-Validation',
+            _generateValidationKey( $cgis, $context, $usingStrikeOne ) );
+    }
 
     return ( defined $error ) ? stringifyError($error) : '';
 }

diff --git a/NatEditPlugin/pub/System/NatEditPlugin/jquery.natedit.uncompressed.js b/NatEditPlugin/pub/System/NatEditPlugin/jquery.natedit.uncompressed.js
@@ -921,10 +921,12 @@ $.NatEditor.prototype.initForm = function() {
               },
               complete: function(xhr, textStatus) {
                 var nonce = xhr.getResponseHeader('X-Foswiki-Validation');
-                // patch in new nonce
-                $("input[name='validation_key']").each(function() {
-                  $(this).val("?" + nonce);
-                });
+                if (nonce) {
+                  // patch in new nonce
+                  $("input[name='validation_key']").each(function() {
+                    $(this).val("?" + nonce);
+                  });
+                }
                 document.title = origTitle;
                 $.unblockUI();
               }