I'm developing a plugin for Trac and trying to submit some info to the database
The scheme is:
Everything was pretty fine while I was working with old 0.11 release. (not sure if that's the reason.
The company I've been working at updated Trac to the current stable 1.0.1 release and something is really wrong now.
Sending POST request without any data like this:
$.post("trac_dep_policy");
Went fine, but if I try to add some data:
$.post("trac_dep_policy", { name: "John", time: "2pm" } );
I get 400 Bad Request error. After some debugging I figured out it's the protection against CSRF attacks that is working against me. (web/main.py)
The question is simple - how should I deal with it?
CSRF protection is auto-added to each form by a combination of in-place Genshi template modification and read-back on POST request, and I know this has been added very early, fixed version in Trac 0.10.2 release to be clear.
You'll need to use XMLRPC protocol (see XMLRPC plugin) or read the hidden form token yourself.