Merge branch 'master' into production

cloud/routes.py

@@ -62,15 +62,6 @@ def _homepage_context() -> dict:
         post.picture = get_file(post.picture, api=api)
         post.url = url_for_node(node=post)
 
-        # Render attachments
-        try:
-            post_contents = post['properties']['content']
-        except KeyError:
-            log.warning('Blog post %s has no content', post._id)
-        else:
-            post['properties']['content'] = pillar.web.nodes.attachments.render_attachments(
-                post, post_contents)
-
     # Get latest assets added to any project
     latest_assets = Node.latest('assets', api=api)
 

src/templates/layout.pug

@@ -32,8 +32,7 @@ html(lang="en")
 		script(src="{{ url_for('static_pillar', filename='assets/js/vendor/jquery-3.1.0.min.js')}}")
 		script(src="{{ url_for('static_pillar', filename='assets/js/vendor/jquery.typeahead-0.11.1.min.js')}}")
 		script(src="{{ url_for('static_pillar', filename='assets/js/vendor/js.cookie-2.0.3.min.js')}}")
-
+		script(src="{{ url_for('static_pillar', filename='assets/js/vendor/clipboard.min.js')}}")
-		script.
 
 		| {% if current_user.has_cap('subscriber') %}
 		| {# Only load if we can comment (for converting markdown as-we-type) #}
@@ -322,6 +321,20 @@ html(lang="en")
 
 		script(src="{{ url_for('static_pillar', filename='assets/js/vendor/jquery.bootstrap-3.3.7.min.js') }}")
 
+		| {% if current_user.is_authenticated %}
+		script(src="{{ url_for('static_pillar', filename='assets/js/vendor/jquery.typewatch-3.0.0.min.js') }}")
+		script.
+			// When sending an AJAX request, always add the X-CSRFToken header to it.
+			var csrf_token = "{{ csrf_token() }}";
+			$.ajaxSetup({
+				beforeSend: function (xhr, settings) {
+					if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
+						xhr.setRequestHeader("X-CSRFToken", csrf_token);
+					}
+				}
+			});
+		| {% endif %}
+
 		script.
 			$(document).ready(function() {
 				{% if current_user.is_authenticated %}