Download as
Browse Code »

Commit 7f92419af87298e6952e6cba752569e41ee39c02

Authored by Victor Costa
1 parent 43751b88
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

rails3: fix ajax requests with csrf protection

Showing 3 changed files with 10 additions and 2 deletions   Show diff stats
app/helpers/application_helper.rb
  Diff comments   View file @7f92419
... ... @@ -589,7 +589,7 @@ module ApplicationHelper
589 589 extra_info = extra_info.nil? ? '' : content_tag( 'span', extra_info, :class => 'extra_info' )
590 590 links = links_for_balloon(profile)
591 591 content_tag('div', content_tag(tag,
592   - (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? link_to( content_tag( 'span', _('Profile links')), '#', :onclick => "toggleSubmenu(this, '#{profile.short_name}', #{links.to_json}); return false", :class => "menu-submenu-trigger #{trigger_class}", :url => url) : "") +
  592 + (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? link_to( content_tag( 'span', _('Profile links')), '#', :onclick => "toggleSubmenu(this, '#{profile.short_name}', #{j(links.to_json)}); return false", :class => "menu-submenu-trigger #{trigger_class}", :url => url) : "") +
593 593 link_to(
594 594 content_tag( 'span', profile_image( profile, size ), :class => 'profile-image' ) +
595 595 content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
... ...
app/views/layouts/application-ng.html.erb
  Diff comments   View file @7f92419
... ... @@ -21,6 +21,8 @@
21 21 <script type='text/javascript'>
22 22 DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
23 23 </script>
  24 +
  25 + <%= csrf_meta_tag %>
24 26 </head>
25 27 <body class="<%= body_classes %>">
26 28 <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>
... ...
public/javascripts/application.js
  Diff comments   View file @7f92419
... ... @@ -508,7 +508,13 @@ function new_qualifier_row(selector, select_qualifiers, delete_button) {
508 508  
509 509 // controls the display of the login/logout stuff
510 510 jQuery(function($) {
511   - $.ajaxSetup({cache: false});
  511 + $.ajaxSetup({
  512 + cache: false,
  513 + headers: {
  514 + 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
  515 + }
  516 + });
  517 +
512 518 $.getJSON('/account/user_data', function userDataCallBack(data) {
513 519 if (data.login) {
514 520 // logged in
... ...