Commit 6c181fbb05d77815ed787cf47a212392cbe86b16
1 parent
2c03609d
Exists in
staging
and in
2 other branches
Revert "Fix csrf token verification"
This reverts commit b8f3f3f3a0f3d152424f21e8eaf8c6c00f33895d. Conflicts: app/controllers/application_controller.rb
Showing
2 changed files
with
2 additions
and
9 deletions
Show diff stats
app/controllers/application_controller.rb
| 1 | require 'noosfero/multi_tenancy' | 1 | require 'noosfero/multi_tenancy' |
| 2 | 2 | ||
| 3 | class ApplicationController < ActionController::Base | 3 | class ApplicationController < ActionController::Base |
| 4 | - #protect_from_forgery | 4 | + protect_from_forgery |
| 5 | 5 | ||
| 6 | before_filter :detect_stuff_by_domain | 6 | before_filter :detect_stuff_by_domain |
| 7 | before_filter :init_noosfero_plugins | 7 | before_filter :init_noosfero_plugins |
| @@ -106,8 +106,7 @@ class ApplicationController < ActionController::Base | @@ -106,8 +106,7 @@ class ApplicationController < ActionController::Base | ||
| 106 | protected | 106 | protected |
| 107 | 107 | ||
| 108 | def verified_request? | 108 | def verified_request? |
| 109 | - true | ||
| 110 | - #super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN']) | 109 | + super || form_authenticity_token == request.headers['X-XSRF-TOKEN'] |
| 111 | end | 110 | end |
| 112 | 111 | ||
| 113 | def boxes_editor? | 112 | def boxes_editor? |
public/javascripts/application.js
| @@ -568,12 +568,6 @@ function userDataCallback(data) { | @@ -568,12 +568,6 @@ function userDataCallback(data) { | ||
| 568 | // logged in | 568 | // logged in |
| 569 | jQuery('head').append('<meta content="authenticity_token" name="csrf-param" />'); | 569 | jQuery('head').append('<meta content="authenticity_token" name="csrf-param" />'); |
| 570 | jQuery('head').append('<meta content="'+jQuery.cookie("_noosfero_.XSRF-TOKEN")+'" name="csrf-token" />'); | 570 | jQuery('head').append('<meta content="'+jQuery.cookie("_noosfero_.XSRF-TOKEN")+'" name="csrf-token" />'); |
| 571 | - jQuery.ajaxSetup({ | ||
| 572 | - cache: false, | ||
| 573 | - headers: { | ||
| 574 | - 'X-XSRF-TOKEN': jQuery.cookie("_noosfero_.XSRF-TOKEN") | ||
| 575 | - } | ||
| 576 | - }); | ||
| 577 | } | 571 | } |
| 578 | if (data.notice) { | 572 | if (data.notice) { |
| 579 | display_notice(data.notice); | 573 | display_notice(data.notice); |