Commit 6c181fbb05d77815ed787cf47a212392cbe86b16
1 parent
2c03609d
Exists in
staging
and in
2 other branches
Revert "Fix csrf token verification"
This reverts commit b8f3f3f3a0f3d152424f21e8eaf8c6c00f33895d. Conflicts: app/controllers/application_controller.rb
Showing
2 changed files
with
2 additions
and
9 deletions
Show diff stats
app/controllers/application_controller.rb
| 1 | 1 | require 'noosfero/multi_tenancy' |
| 2 | 2 | |
| 3 | 3 | class ApplicationController < ActionController::Base |
| 4 | - #protect_from_forgery | |
| 4 | + protect_from_forgery | |
| 5 | 5 | |
| 6 | 6 | before_filter :detect_stuff_by_domain |
| 7 | 7 | before_filter :init_noosfero_plugins |
| ... | ... | @@ -106,8 +106,7 @@ class ApplicationController < ActionController::Base |
| 106 | 106 | protected |
| 107 | 107 | |
| 108 | 108 | def verified_request? |
| 109 | - true | |
| 110 | - #super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN']) | |
| 109 | + super || form_authenticity_token == request.headers['X-XSRF-TOKEN'] | |
| 111 | 110 | end |
| 112 | 111 | |
| 113 | 112 | def boxes_editor? | ... | ... |
public/javascripts/application.js
| ... | ... | @@ -568,12 +568,6 @@ function userDataCallback(data) { |
| 568 | 568 | // logged in |
| 569 | 569 | jQuery('head').append('<meta content="authenticity_token" name="csrf-param" />'); |
| 570 | 570 | jQuery('head').append('<meta content="'+jQuery.cookie("_noosfero_.XSRF-TOKEN")+'" name="csrf-token" />'); |
| 571 | - jQuery.ajaxSetup({ | |
| 572 | - cache: false, | |
| 573 | - headers: { | |
| 574 | - 'X-XSRF-TOKEN': jQuery.cookie("_noosfero_.XSRF-TOKEN") | |
| 575 | - } | |
| 576 | - }); | |
| 577 | 571 | } |
| 578 | 572 | if (data.notice) { |
| 579 | 573 | display_notice(data.notice); | ... | ... |