From 6c181fbb05d77815ed787cf47a212392cbe86b16 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Thu, 11 Feb 2016 14:42:41 -0300
Subject: [PATCH] Revert "Fix csrf token verification"

---
 app/controllers/application_controller.rb | 5 ++---
 public/javascripts/application.js | 6 ------
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c893722..5cb2319 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 require 'noosfero/multi_tenancy'
 
 class ApplicationController < ActionController::Base
- #protect_from_forgery
+ protect_from_forgery
 
 before_filter :detect_stuff_by_domain
 before_filter :init_noosfero_plugins
@@ -106,8 +106,7 @@ class ApplicationController < ActionController::Base
 protected
 
 def verified_request?
- true
- #super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
+ super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
 end
 
 def boxes_editor?
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index 1d310b7..b957b48 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -568,12 +568,6 @@ function userDataCallback(data) {
 // logged in
 jQuery('head').append('');
 jQuery('head').append('');
- jQuery.ajaxSetup({
- cache: false,
- headers: {
- 'X-XSRF-TOKEN': jQuery.cookie("_noosfero_.XSRF-TOKEN")
- }
- });
 }
 if (data.notice) {
 display_notice(data.notice);
-- 
libgit2 0.21.2
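Review bot: The restored fallback in `verified_request?` compares the session token to the `X-XSRF-TOKEN` header with `==`, which is not a constant-time comparison for a secret value. If the Rails version in use provides it, prefer `token = request.headers['X-XSRF-TOKEN']` followed by `super || (token.present? && ActiveSupport::SecurityUtils.secure_compare(form_authenticity_token, token))`. On Rails versions that mask the token per request, a direct equality against `form_authenticity_token` would presumably never match, and the `valid_authenticity_token?(session, token)` form from the removed comment would be needed instead; this should be confirmed against the app's Rails version. The application.js hunk of this same commit removes the `jQuery.ajaxSetup` block that sent this header, so it is worth confirming that some client code still sets it, otherwise this branch is dead and AJAX writes depend entirely on `super`. The class body continues outside the hunk.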