GitHub/Anki
1
0
Fork 0
mirror of https://github.com/ankitects/anki.git synced 2025-11-18 10:37:12 -05:00
Code Issues Projects Releases Packages 1 Wiki Activity Actions
Anki/qt/aqt
History
Damien Elmes 2fc6b72460 Require an auth token for API access 
We were previously inspecting the referrer, but that is spoofable,
and doesn't guard against other processes on the machine.

To accomplish this, we use a request interceptor to automatically
add an auth token to webviews with the right context. Some related
changes were required:

- We avoid storing _page, which was leading to leaks & warning on exit
- At webview creation (or set_kind() invocation), we assign either
an authenticated or unauthenticated web profile.
- Some of our screens initialize the AnkiWebView when calling, e.g.,
aqt.forms.stats.Ui_Dialog(). They then immediately call .set_kind().
This reveals a race condition in our DOM handling code: the webview
initialization creates an empty page with the injected script, which
causes a domDone signal to be sent back. This signal arrives after
we've created another page with .set_kind(), causing our code to think
the DOM is ready when it's not. Then when we try to inject the dynamic
styling, we get an error, as the DOM is not ready yet. In the absence
of better solutions, I've added a hack to set_kind() to deal with this
for now.

(cherry picked from commit 24bca15fd3)
2025-04-17 11:17:47 +10:00
..
browser Replace use of window.postMessage in card info (#3646) 2024-12-18 11:32:07 +03:00
data Revert "Fix ease button alignment (#3474)" (#3522) 2024-10-26 18:50:02 +10:00
forms Give editcurrent its own menubar too 2025-02-06 18:57:59 +07:00
import_export Enable strict_optional for aqt/data, aqt/forms, aqt/import_export (#3489) 2024-10-12 14:36:15 +10:00
operations Update type annotations (#3322) 2024-07-26 17:57:25 +07:00
qt Revert "Qt 6.8.1" 2025-01-25 21:41:33 +11:00
__init__.py Log Anki version at startup 2025-01-24 14:33:34 +11:00
_macos_helper.py Update type annotations (#3322) 2024-07-26 17:57:25 +07:00
about.py Update Deck Options strings to clarify Timers (#3792) 2025-02-06 15:17:30 +07:00
addcards.py only change notetype/deck when reopening if no changes to discard (#3798) 2025-02-09 15:58:21 +03:00
addons.py fix error when right-clicking empty space in update addons dialog (#3780) 2025-01-30 23:42:27 +11:00
ankihub.py Integrate AnkiHub Sign-in (#3232) 2024-08-17 10:58:23 +07:00
changenotetype.py Enable strict_optional for aqt/clayout, changenotetype, fields (#3544) 2024-10-30 13:40:40 +03:00
clayout.py "Copy template as markdown" button. (#3719) 2025-01-15 20:29:35 +11:00
colors.py Move away from Bazel (#2202) 2022-11-27 15:24:20 +10:00
customstudy.py Fix mypy errors 2024-10-26 19:19:20 -07:00
dbcheck.py Ensure DB check tooltip appears in main window 2024-04-30 23:21:41 +10:00
debug_console.py Increase font size in debug console (#3743) 2025-01-20 06:47:33 +03:00
deckbrowser.py Enable strict_optional for aqt/deckbrowser.py (#3537) 2024-10-28 14:16:42 +10:00
deckchooser.py Allow choosing filtered decks in stats (#3687) 2025-01-04 17:39:16 +03:00
deckconf.py Improve exception handling (#3290) 2024-08-04 20:51:13 +07:00
deckdescription.py Enable strict_optional for aqt/deckdescription.py (#3538) 2024-10-28 14:18:16 +10:00
deckoptions.py Deck options without bridge (#3571) 2025-01-08 21:30:30 +11:00
editcurrent.py Give editcurrent its own menubar too 2025-02-06 18:57:59 +07:00
editor.py add image context menu actions for io mask editor (#3779) 2025-01-31 00:06:29 +11:00
emptycards.py Enable strict_optional for aqt/debug_console, emptycards, flags (#3565) 2024-11-09 13:43:51 +03:00
errors.py Prompt user to apply Windows updates when SSL connection fails 2025-02-06 22:57:15 +07:00
exporting.py Update type annotation syntax (#3283) 2024-07-21 14:00:52 +07:00
fields.py "Fields for ..." 2024-11-23 22:45:19 +11:00
filtered_deck.py Enable strict_optional for aqt/deckoptions, editcurrent, filtered_deck (#3556) 2024-11-07 08:33:41 +10:00
flags.py Enable strict_optional for aqt/debug_console, emptycards, flags (#3565) 2024-11-09 13:43:51 +03:00
gui_hooks.py Move away from Bazel (#2202) 2022-11-27 15:24:20 +10:00
importing.py update error message (#3612) 2024-12-06 03:05:49 +03:00
legacy.py Import submodules directly (#1662) 2022-02-13 13:40:47 +10:00
log.py Add support for python logging (#2969) 2024-02-11 16:41:50 +10:00
main.py Refactoring and comments (#3721) 2025-01-12 15:46:20 +11:00
mediacheck.py Enable strict_optional for aqt/mediacheck, theme, toolbar (#3569) 2024-11-12 19:47:04 +03:00
mediasrv.py Require an auth token for API access 2025-04-17 11:17:47 +10:00
mediasync.py Enable strict_optional for aqt/mediasync, package, progress (#3577) 2024-11-15 16:24:50 +03:00
modelchooser.py Enable strict_optional for aqt/modelchooser.py (#3539) 2024-10-28 14:19:31 +10:00
models.py Fix "Note Types" dialog moving down each time it is opened (#3718) 2025-01-12 15:33:37 +11:00
mpv.py Fix mpv loadfile syntax change 2 (#3711) 2025-01-10 19:16:08 +11:00
notetypechooser.py Enable strict_optional for aqt/notetypechooser, stats, switch (#3558) 2024-11-08 13:42:42 +03:00
overview.py Fix mypy errors 2024-10-26 19:07:43 -07:00
package.py Enable strict_optional for aqt/mediasync, package, progress (#3577) 2024-11-15 16:24:50 +03:00
preferences.py Remove legacy import option (#3536) 2024-11-05 18:25:06 +10:00
profiles.py Remove legacy import option (#3536) 2024-11-05 18:25:06 +10:00
progress.py Enable strict_optional for aqt/mediasync, package, progress (#3577) 2024-11-15 16:24:50 +03:00
props.py Move away from Bazel (#2202) 2022-11-27 15:24:20 +10:00
py.typed mark anki and aqt modules as having typing info 2020-01-13 13:03:37 +10:00
reviewer.py Update reviewer.py to prevent custom scheduler js from commenting out py code (#3795) 2025-02-09 16:06:49 +03:00
schema_change_tracker.py Add ability to restore a notetype to its original configuration (#2472) 2023-04-18 14:07:51 +10:00
sound.py Require an auth token for API access 2025-04-17 11:17:47 +10:00
stats.py Allow choosing filtered decks in stats (#3687) 2025-01-04 17:39:16 +03:00
studydeck.py Enable strict_optional for aqt/studydeck, tts, mediasrv (#3542) 2024-10-29 12:05:54 +03:00
stylesheets.py Use platform-native button layout in dialogs and messageboxes (#3725) 2025-01-13 14:24:21 +11:00
switch.py Remove hardcoded note/card colours from switch.py (#3629) 2024-12-14 21:30:28 +11:00
sync.py Enable strict_optional for aqt/tagedit, utils, sync (#3578) 2024-11-15 16:29:19 +03:00
tagedit.py Enable strict_optional for aqt/tagedit, utils, sync (#3578) 2024-11-15 16:29:19 +03:00
taglimit.py Fix mypy errors 2024-10-26 19:33:04 -07:00
taskman.py fix: add proper imports (#3296) 2024-08-05 11:34:46 +07:00
theme.py Use platform-native button layout in dialogs and messageboxes (#3725) 2025-01-13 14:24:21 +11:00
toolbar.py Refactoring and comments (#3721) 2025-01-12 15:46:20 +11:00
tts.py Don't parse TTS text as XML (#3651) 2024-12-22 11:09:00 +10:00
undo.py Dependency updates (#3040) 2024-02-28 16:28:04 +07:00
update.py Fix UI hanging when update check stalls 2024-10-15 21:32:46 +10:00
utils.py Split off path into its own arg (#3641) 2024-12-16 14:15:05 +03:00
webview.py Require an auth token for API access 2025-04-17 11:17:47 +10:00
widgetgallery.py Improve debug console (#2435) 2023-03-15 15:29:05 +10:00
winpaths.py run pyupgrade over codebase [python upgrade required] 2021-10-04 15:05:48 +10:00