On 04/05/2010 17:30, Fred Wenzel wrote:
> Did you package up the extension with this change so we can try it
> out? The method of providing a CSRF token in the X-AM-Status header
> seems to work for Django (and I assume it'd also work for most other
> frameworks that provide a CSRF mechanism), but version 0.0.12 of the
> extension does not seem to respect it.

Yes, it works. I use it. See
http://github.com/francois2metz/django-account-manager
(http://github.com/francois2metz/django-account-manager/commit/698d5c40ffb7b6b874215b73b461bc0dbcdf03ab)

> Also, after clicking "connect", the extension sends a POST request to
> the login form, as expected resulting in a 403 response due to the
> missing token (this response contains no X-AM-Status header). The page
> reloads (also expected) but when I click on the key symbol again, the
> "bubble" is empty. There might be a bug in the error handling code
> there.

Works for me :)