Fix XSRF token in gcl so we don't need to hack rietveld anymore.

gcl.py

 #!/usr/bin/python
 # Copyright (c) 2010 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """\
 Wrapper script around Rietveld's upload.py that simplifies working with groups
 of files.
 """
 
@@ skipping 325 matching lines @@
           'rietveld': self.rietveld,
         }, sort_keys=True, indent=2)
     gclient_utils.FileWrite(GetChangelistInfoFile(self.name), data)
 
   def Delete(self):
     """Removes the changelist information from disk."""
     os.remove(GetChangelistInfoFile(self.name))
 
   def CloseIssue(self):
     """Closes the Rietveld issue for this changelist."""
-    data = [("description", self.description),]
+    # Newer versions of Rietveld require us to pass an XSRF token to POST, so
+    # we fetch it from the server.
+    xsrf_token = self.SendToRietveld(
+        '/xsrf_token',
+        extra_headers={'X-Requesting-XSRF-Token': '1'})
+
+    # You cannot close an issue with a GET.
+    # We pass an empty string for the data so it is a POST rather than a GET.
+    data = [("description", self.description),
+            ("xsrf_token", xsrf_token)]
     ctype, body = upload.EncodeMultipartFormData(data, [])
-    self.SendToRietveld('/%d/close' % self.issue, body, ctype)
+    self.SendToRietveld('/%d/close' % self.issue, payload=body,
+        content_type=ctype)
 
   def UpdateRietveldDescription(self):
     """Sets the description for an issue on Rietveld."""
     data = [("description", self.description),]
     ctype, body = upload.EncodeMultipartFormData(data, [])
-    self.SendToRietveld('/%d/description' % self.issue, body, ctype)
+    self.SendToRietveld('/%d/description' % self.issue, payload=body,
+        content_type=ctype)
 
   def GetIssueDescription(self):
     """Returns the issue description from Rietveld."""
     return self.SendToRietveld('/%d/description' % self.issue)
 
   def PrimeLint(self):
     """Do background work on Rietveld to lint the file so that the results are
     ready when the issue is viewed."""
     if self.issue and self.patchset:
       self.SendToRietveld('/lint/issue%s_%s' % (self.issue, self.patchset),
           timeout=1)
 
-  def SendToRietveld(self, request_path, payload=None,
-                    content_type="application/octet-stream", timeout=None):
+  def SendToRietveld(self, request_path, timeout=None, **kwargs):
     """Send a POST/GET to Rietveld.  Returns the response body."""
     if not self.rietveld:
       ErrorExit(CODEREVIEW_SETTINGS_FILE_NOT_FOUND)
     def GetUserCredentials():
       """Prompts the user for a username and password."""
       email = upload.GetEmail('Email (login for uploading to %s)' %
           self.rietveld)
       password = getpass.getpass('Password for %s: ' % email)
       return email, password
     rpc_server = upload.HttpRpcServer(self.rietveld,
                                       GetUserCredentials,
                                       save_cookies=True)
     try:
-      return rpc_server.Send(request_path, payload, content_type, timeout)
+      return rpc_server.Send(request_path, timeout=timeout, **kwargs)
     except urllib2.URLError:
       if timeout is None:
         ErrorExit('Error accessing url %s' % request_path)
       else:
         return None
 
   def MissingTests(self):
     """Returns True if the change looks like it needs unit tests but has none.
 
     A change needs unit tests if it contains any new source files or methods.
@@ skipping 986 matching lines @@
     if e.code != 500:
       raise
     print >> sys.stderr, (
         'AppEngine is misbehaving and returned HTTP %d, again. Keep faith '
         'and retry or visit go/isgaeup.\n%s') % (e.code, str(e))
     return 1
 
 
 if __name__ == "__main__":
   sys.exit(main(sys.argv[1:]))