From: Eric Price <ecprice@mit.edu>
Date: Fri, 21 Aug 2009 16:13:44 +0000 (-0400)
Subject: disable GETting to post keyboards to ajaxterm
X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/commitdiff_plain/69d11ccb77e5d5583fa1aee318a6afaa77000826

disable GETting to post keyboards to ajaxterm

svn path=/package_branches/invirt-web/ajaxterm-rebased/; revision=2759
---

diff --git a/code/main.py b/code/main.py
index ecb4363..1f9189f 100755
--- a/code/main.py
+++ b/code/main.py
@@ -411,6 +411,7 @@ console will suffer artifacts.
             return d
 
         @cherrypy.expose
+        @cherrypy.tools.require_POST()
         @cherrypy.tools.gzip()
         def at(self, machine_id, k=None, c=0, force=0):
             machine = validation.Validate(cherrypy.request.login, cherrypy.request.state, machine_id=machine_id).machine
diff --git a/code/static/ajaxterm/ajaxterm.js b/code/static/ajaxterm/ajaxterm.js
index 8d44037..f1703b3 100644
--- a/code/static/ajaxterm/ajaxterm.js
+++ b/code/static/ajaxterm/ajaxterm.js
@@ -17,7 +17,6 @@ ajaxterm.Terminal_ctor=function(id,machine_id) {
 	var div=document.getElementById(id);
 	var dstat=document.createElement('pre');
 	var sled=document.createElement('span');
-	var opt_get=document.createElement('a');
 	var opt_color=document.createElement('a');
 	var opt_paste=document.createElement('a');
 	var sdebug=document.createElement('span');
@@ -36,10 +35,6 @@ ajaxterm.Terminal_ctor=function(id,machine_id) {
 		dstat.appendChild(opt);
 		dstat.appendChild(document.createTextNode(' '));
 	}
-	function do_get(event) {
-		opt_get.className=(opt_get.className=='off')?'on':'off';
-		debug('GET '+opt_get.className);
-	}
 	function do_color(event) {
 		var o=opt_color.className=(opt_color.className=='off')?'on':'off';
 		if(o=='on')
@@ -107,14 +102,7 @@ ajaxterm.Terminal_ctor=function(id,machine_id) {
 			    query=query+"&force=1";
 			    force=false;
 			}
-			if(opt_get.className=='on') {
-				r.open("GET",base_path+"?"+query,true);
-				if(ie) {
-					r.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
-				}
-			} else {
-				r.open("POST",base_path,true);
-			}
+			r.open("POST",base_path,true);
 			r.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
 			r.onreadystatechange = function () {
 //				debug("xhr:"+((new Date).getTime())+" state:"+r.readyState+" status:"+r.status+" statusText:"+r.statusText);
@@ -145,11 +133,7 @@ ajaxterm.Terminal_ctor=function(id,machine_id) {
 				}
 			}
 			error_timeout=window.setTimeout(error,5000);
-			if(opt_get.className=='on') {
-				r.send(null);
-			} else {
-				r.send(query);
-			}
+			r.send(query);
 		}
 	}
 	function queue(s) {
@@ -257,18 +241,15 @@ ajaxterm.Terminal_ctor=function(id,machine_id) {
 		dstat.appendChild(document.createTextNode(' '));
 		opt_add(opt_color,'Colors');
 		opt_color.className='on';
-		opt_add(opt_get,'GET');
 		opt_add(opt_paste,'Paste');
 		dstat.appendChild(sdebug);
 		dstat.className='stat';
 		div.appendChild(dstat);
 		div.appendChild(dterm);
 		if(opt_color.addEventListener) {
-			opt_get.addEventListener('click',do_get,true);
 			opt_color.addEventListener('click',do_color,true);
 			opt_paste.addEventListener('click',do_paste,true);
 		} else {
-			opt_get.attachEvent("onclick", do_get);
 			opt_color.attachEvent("onclick", do_color);
 			opt_paste.attachEvent("onclick", do_paste);
 		}