Download as
Browse Code »

Commit 7e75c5c56956d41d0e94668f75c9e51f4f264c1f

Authored by Braulio Bhavamitra
2 parents fd438e0d 1cc1598d
Exists in master and in 18 other branches add_member_task_reject_details, admin_visible_profile, community_notifications, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, organization_ratings_improvements, profile_api_improvements, ratings_minor_fixes, send_email_to_admins, stable-spb-1.4, stable-spb-1.5, web_steps_improvements

Merge branch 'fix-maps-load2' into 'master' 

bugfix in xss permission - map in my_profile

This fixes a bug that happens when loading the map in my_profile (probably started happening in rails 4):


An ActionController::InvalidCrossOriginRequest occurred in maps#google_map:

  Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
  actionpack (4.2.4) lib/action_controller/metal/request_forgery_protection.rb:225:in `verify_same_origin_request'

See merge request !746
Showing 1 changed file with 2 additions and 0 deletions   Show diff stats
app/controllers/my_profile/maps_controller.rb
  Diff comments   View file @7e75c5c
1 1 class MapsController < MyProfileController
2 2  
  3 + skip_before_filter :verify_authenticity_token, only: [:google_map]
  4 +
3 5 protect 'edit_profile', :profile
4 6  
5 7 def edit_location
... ...