Commit 2aa6b48757e87c5806e1c01e92c1f807bc4eae5b

Authored by Victor Costa
2 parents b4960cda 409f4f8a

Merge branch 'rails3' into rails3_stable

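--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,6 +8,12 @@ class ApplicationController < ActionController::Base
 before_filter :init_noosfero_plugins
 before_filter :allow_cross_domain_access
 
+after_filter :set_csrf_cookie
+
+def set_csrf_cookie
+cookies['_noosfero_.XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery? && logged_in?
+end
+
 def allow_cross_domain_access
 origin = request.headers['Origin']
 return if origin.blank?
@@ -91,6 +97,10 @@ class ApplicationController < ActionController::Base
 
 protected
 
+def verified_request?
+super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
+end
+
 def setup_multitenancy
 Noosfero::MultiTenancy.setup!(request.host)
 end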
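Review bot: The cookie written by `set_csrf_cookie` (new line 14) carries no `secure` flag, so on a deployment that serves both HTTP and HTTPS the session's CSRF token travels in clear on every plain-HTTP request and can be read by a network observer; `cookies['_noosfero_.XSRF-TOKEN'] = { value: form_authenticity_token, secure: request.ssl? }` keeps it on the encrypted channel (it must stay readable by JavaScript, so leaving `httponly` off is correct). `set_csrf_cookie` is also defined above `protected`, which makes it a public method on every controller; that mirrors the existing `allow_cross_domain_access`, but a public controller method is exposed as an action wherever a route maps to it, so placing it under `protected` next to `verified_request?` is the safer layout. The cookie is never cleared on logout either; a stale value fails verification harmlessly, but a `cookies.delete('_noosfero_.XSRF-TOKEN')` in the logout path would avoid leaving the old token behind.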
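--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -974,7 +974,7 @@ module ApplicationHelper
 end
 
 def jquery_theme
-theme_option(:jquery_theme) || 'smoothness_mod'
+theme_option(:jquery_theme) || 'smoothness'
 end
 
 def ui_error(message)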
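--- a/app/views/layouts/application-ng.html.erb
+++ b/app/views/layouts/application-ng.html.erb
@@ -43,7 +43,6 @@
 DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
 </script>
 
-<%= csrf_meta_tag %>
 </head>
 <body class="<%= h body_classes %>">
 <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>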
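--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -511,7 +511,7 @@ jQuery(function($) {
 $.ajaxSetup({
 cache: false,
 headers: {
-'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
+'X-CSRF-Token': $.cookie("_noosfero_.XSRF-TOKEN")
 }
 });
 
@@ -523,6 +523,8 @@ jQuery(function($) {
 if (data.chat_enabled) {
 setInterval(function(){ $.getJSON('/account/user_data', chatOnlineUsersDataCallBack)}, 10000);
 }
+$('head').append('<meta content="authenticity_token" name="csrf-param" />');
+$('head').append('<meta content="'+$.cookie("_noosfero_.XSRF-TOKEN")+'" name="csrf-token" />');
 } else {
 // not logged in
 $('#user .not-logged-in, .login-block .not-logged-user').fadeIn();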
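Review bot: New line 527 builds the `csrf-token` meta element by concatenating the cookie value into an HTML string, so whatever is stored in `_noosfero_.XSRF-TOKEN` is parsed as markup; a cookie of that name could be planted by any origin sharing the cookie scope (a sibling subdomain, or a plain-HTTP response while the cookie is not `secure`), which would turn cookie control into markup injection in the page head. Building the element from attributes avoids parsing the value: `$('<meta>', { name: 'csrf-token', content: $.cookie("_noosfero_.XSRF-TOKEN") }).appendTo('head');`, and the `csrf-param` line on 526 would read consistently in the same form. Separately, the `X-CSRF-Token` header at line 514 reads the cookie once when `$.ajaxSetup` runs, so a token that changes after page load is not picked up until a reload; a `beforeSend` callback reading the cookie per request would track it, though whether the token rotates during a page's lifetime is not visible here. The enclosing `jQuery(function($) {` callback starts and ends outside the hunk.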