Commit
7e75c5c56956d41d0e94668f75c9e51f4f264c1f
Exists in
staging
and in
38 other branches
all_pending_tasks_api, api-articles-period, api_roles, caching-rails4, captcha_serpro_plugin, comments_permissions, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export-comment-paragraph, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, fix_notification_email, fix_string_downcase_and_upcase, follower_permition, json_cookie_serializer, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, production-vendorized, profile_api_improvements, user_mention, webfinger_server
Merge branch 'fix-maps-load2' into 'master'
bugfix in xss permission - map in my_profile
This fixes a bug that happens when loading the map in my_profile (probably started happening in rails 4):
An ActionController::InvalidCrossOriginRequest occurred in maps#google_map:
Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
actionpack (4.2.4) lib/action_controller/metal/request_forgery_protection.rb:225:in `verify_same_origin_request'
See merge request !746
|
1
| class MapsController < MyProfileController |
1
| class MapsController < MyProfileController |
|
2
| |
2
| |
|
| |
3
| + skip_before_filter :verify_authenticity_token, only: [:google_map] |
|
| |
4
| + |
|
3
| protect 'edit_profile', :profile |
5
| protect 'edit_profile', :profile |
|
4
| |
6
| |
|
5
| def edit_location |
7
| def edit_location |
