Commit 2aa6b48757e87c5806e1c01e92c1f807bc4eae5b

Authored by Victor Costa
2 parents b4960cda 409f4f8a

Merge branch 'rails3' into rails3_stable

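--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,6 +8,12 @@ class ApplicationController < ActionController::Base
 before_filter :init_noosfero_plugins
 before_filter :allow_cross_domain_access
 
+after_filter :set_csrf_cookie
+
+def set_csrf_cookie
+cookies['_noosfero_.XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery? && logged_in?
+end
+
 def allow_cross_domain_access
 origin = request.headers['Origin']
 return if origin.blank?
@@ -91,6 +97,10 @@ class ApplicationController < ActionController::Base
 
 protected
 
+def verified_request?
+super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
+end
+
 def setup_multitenancy
 Noosfero::MultiTenancy.setup!(request.host)
 end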
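Review bot: set_csrf_cookie in the first hunk writes `_noosfero_.XSRF-TOKEN` with default cookie options, so on an HTTPS deployment the token is also sent on any plain-HTTP request to the site; set it as `cookies['_noosfero_.XSRF-TOKEN'] = { value: form_authenticity_token, secure: request.ssl? }` (it must stay readable by script, so leave httponly off). In the second hunk verified_request? compares the header against the session token with `==`, which is not a constant-time comparison; `Rack::Utils.secure_compare(form_authenticity_token, request.headers['X-XSRF-TOKEN'].to_s)` avoids that, assuming the Rack shipped with this Rails 3 branch provides it. The cookie is never cleared on logout, so a stale token lingers until the next logged-in response; verification still relies on the session token, so this is harmless, but the intent deserves a comment such as `# mirror the session CSRF token into a JS-readable cookie so XHR can echo it back as X-XSRF-TOKEN`.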
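--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -974,7 +974,7 @@ module ApplicationHelper
 end
 
 def jquery_theme
-theme_option(:jquery_theme) || 'smoothness_mod'
+theme_option(:jquery_theme) || 'smoothness'
 end
 
 def ui_error(message)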
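--- a/app/views/layouts/application-ng.html.erb
+++ b/app/views/layouts/application-ng.html.erb
@@ -43,7 +43,6 @@
 DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
 </script>
 
-<%= csrf_meta_tag %>
 </head>
 <body class="<%= h body_classes %>">
 <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>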
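--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -511,7 +511,7 @@ jQuery(function($) {
 $.ajaxSetup({
 cache: false,
 headers: {
-'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
+'X-CSRF-Token': $.cookie("_noosfero_.XSRF-TOKEN")
 }
 });
 
@@ -523,6 +523,8 @@ jQuery(function($) {
 if (data.chat_enabled) {
 setInterval(function(){ $.getJSON('/account/user_data', chatOnlineUsersDataCallBack)}, 10000);
 }
+$('head').append('<meta content="authenticity_token" name="csrf-param" />');
+$('head').append('<meta content="'+$.cookie("_noosfero_.XSRF-TOKEN")+'" name="csrf-token" />');
 } else {
 // not logged in
 $('#user .not-logged-in, .login-block .not-logged-user').fadeIn();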
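Review bot: The second hunk builds the csrf-token `<meta>` element by concatenating the raw cookie value into an HTML string, so whatever can write `_noosfero_.XSRF-TOKEN` for this site controls markup inserted into `<head>`; create the element with attribute setters instead, `$('<meta>', { name: 'csrf-token', content: $.cookie("_noosfero_.XSRF-TOKEN") }).appendTo('head');`, and the same form for csrf-param. The first hunk is not affected in that way, since `$.ajaxSetup` sends the cookie value as a request header rather than as HTML. Both hunks call `$.cookie`, which is presumably provided by a jQuery cookie plugin loaded elsewhere; that dependency is not visible in this diff. The enclosing `jQuery(function($) { ... })` callback opens before the first hunk and closes after the second.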