From: Calin Crisan <ccrisan@gmail.com>
Date: Sat, 28 Feb 2015 10:53:32 +0000 (+0200)
Subject: POSTs to /login return now text/html to prevent stupid IE to prompt for
X-Git-Url: http://www.vanbest.org/gitweb/?a=commitdiff_plain;h=91a3c0e37ba1070fcbe22e5870a8a658f28433b4;p=motioneye-debian

POSTs to /login return now text/html to prevent stupid IE to prompt for
downloading json
---

diff --git a/src/handlers.py b/src/handlers.py
index 12ebe92..8851bc6 100644
--- a/src/handlers.py
+++ b/src/handlers.py
@@ -71,6 +71,7 @@ class BaseHandler(RequestHandler):
         
         username = self.get_argument('_username', None)
         signature = self.get_argument('_signature', None)
+        login = self.get_argument('_login', None) == 'true'
         if (username == main_config.get('@admin_username') and
             signature == utils.compute_signature(self.request.method, self.request.uri, self.request.body, main_config.get('@admin_password'))):
             
@@ -84,7 +85,7 @@ class BaseHandler(RequestHandler):
             
             return 'normal'
 
-        elif username and username != '_':
+        elif username and username != '_' and login:
             logging.error('authentication failed for user %(user)s' % {'user': username})
 
         return None
@@ -1327,4 +1328,8 @@ class LoginHandler(BaseHandler):
     def get(self):
         self.finish_json()
 
-    post = get
+    def post(self):
+        self.set_header('Content-Type', 'text/html')
+        if not self.current_user:
+            self.set_status(403)
+        self.finish()
diff --git a/static/js/main.js b/static/js/main.js
index dee8761..83ec100 100644
--- a/static/js/main.js
+++ b/static/js/main.js
@@ -166,9 +166,13 @@ function addAuthParams(method, url, body) {
     }
     
     url += '_username=' + window.username;
+    if (window._loginDialogSubmitted) {
+        url += '&_login=true';
+        delete _loginDialogSubmitted;
+    }
     var signature = computeSignature(method, url, body);
     url += '&_signature=' + signature;
-    
+
     return url;
 }
 
@@ -2159,6 +2163,7 @@ function runLoginDialog(retry) {
             {caption: 'Login', isDefault: true, click: function () {
                 window.username = usernameEntry.val();
                 window.password = passwordEntry.val();
+                window._loginDialogSubmitted = true;
                 
                 setCookie('username', window.username);