diff --git a/htdocs/js/app.js b/htdocs/js/app.js index 4ba5340..9646046 100644 --- a/htdocs/js/app.js +++ b/htdocs/js/app.js @@ -25,7 +25,7 @@ app.extend({ // receive config from server if (resp.code) { app.showProgress( 1.0, "Waiting for manager server..." ); - setTimeout( function() { load_script( '/api/app/config?callback=app.receiveConfig' ); }, 1000 ); + setTimeout( function() { load_script( '/api/app/config' ); }, 1000 ); return; } delete resp.code; diff --git a/htdocs/js/pages/Login.class.js b/htdocs/js/pages/Login.class.js index 5064540..e498976 100644 --- a/htdocs/js/pages/Login.class.js +++ b/htdocs/js/pages/Login.class.js @@ -31,8 +31,6 @@ Class.subclass( Page.Base, "Page.Login", { this.div.css({ 'padding-top':'75px', 'padding-bottom':'75px' }); var html = ''; - // html += ''; - // html += '
'; html += '
'; html += '
User Login
'; diff --git a/lib/api/config.js b/lib/api/config.js index df3cb67..0d23158 100644 --- a/lib/api/config.js +++ b/lib/api/config.js @@ -15,9 +15,7 @@ module.exports = Class.create({ // send config to client var self = this; - // prevent XSS - args.query.callback = 'app.receiveConfig'; - + // do not cache this API response this.forceNoCacheResponse(args); @@ -56,7 +54,9 @@ module.exports = Class.create({ }; } - callback(resp); + // wrap response in JavaScript + var payload = 'app.receiveConfig(' + JSON.stringify(resp) + ');' + "\n"; + callback( "200 OK", { 'Content-Type': 'text/javascript' }, payload ); } } ); diff --git a/package.json b/package.json index 1966c91..d69a83f 100644 --- a/package.json +++ b/package.json @@ -62,8 +62,8 @@ "pixl-request": "^1.0.36", "pixl-server": "^1.0.40", "pixl-server-api": "^1.0.2", - "pixl-server-storage": "^3.1.12", - "pixl-server-web": "^1.3.30", + "pixl-server-storage": "^3.1.18", + "pixl-server-web": "^2.0.0", "pixl-tools": "^1.0.29", "pixl-webapp": "^2.0.2", "read-last-lines": "^1.8.0",