Commit 6d69da649ec8173d3538821b873b3c79ca6e7c8f
Merge branch 'fix-http-cache' into 'master'
Fix HTTP caching and logins with rails 4 Since all cookies should be dropped for unauthenticated users, you cannot expect the XSRF cookie to be present to allow users to login! See merge request !739
Showing
2 changed files
with
2 additions
and
1 deletions
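--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -6,6 +6,8 @@ class AccountController < ApplicationController
 before_filter :redirect_if_logged_in, :only => [:login, :signup]
 before_filter :protect_from_bots, :only => :signup
 
+protect_from_forgery except: [:login]
+
 helper CustomFieldsHelper
 # say something nice, you goof! something sweet.
 def index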
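Review bot: Exempting `login` in `protect_from_forgery except: [:login]` leaves the login POST with no request-origin check, so the action is no longer protected against login CSRF, and nothing on the line records that this is a deliberate trade-off. I would add a comment above it such as `# login is exempt: the HTTP cache drops all cookies for anonymous users, so no CSRF token is available to verify` so the exemption is not widened or copied without that context. A compensating control worth considering is a `before_filter` limited to `login` that compares the request's Origin/Referer host with the site's own host, since that needs no cookie. ApplicationController is not visible here; if it already calls `protect_from_forgery`, `skip_before_filter :verify_authenticity_token, :only => [:login]` would state the intent more directly than re-declaring it. The class body continues outside the hunk.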
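--- a/vendor/plugins/noosfero_caching/init.rb
+++ b/vendor/plugins/noosfero_caching/init.rb
@@ -27,7 +27,6 @@ module NoosferoHttpCaching
 end
 
 def noosfero_session_check
-return unless params[:controller] == 'account'
 headers["X-Noosfero-Auth"] = (session[:user] != nil).to_s
 end
 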