From 7f92419af87298e6952e6cba752569e41ee39c02 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Thu, 6 Feb 2014 13:44:22 -0300
Subject: [PATCH] rails3: fix ajax requests with csrf protection
---
 app/helpers/application_helper.rb | 2 +-
 app/views/layouts/application-ng.html.erb | 2 ++
 public/javascripts/application.js | 8 +++++++-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index ee55da0..328b080 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -589,7 +589,7 @@ module ApplicationHelper
 extra_info = extra_info.nil? ? '' : content_tag( 'span', extra_info, :class => 'extra_info' )
 links = links_for_balloon(profile)
 content_tag('div', content_tag(tag,
- (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? link_to( content_tag( 'span', _('Profile links')), '#', :onclick => "toggleSubmenu(this, '#{profile.short_name}', #{links.to_json}); return false", :class => "menu-submenu-trigger #{trigger_class}", :url => url) : "") +
+ (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? link_to( content_tag( 'span', _('Profile links')), '#', :onclick => "toggleSubmenu(this, '#{profile.short_name}', #{j(links.to_json)}); return false", :class => "menu-submenu-trigger #{trigger_class}", :url => url) : "") +
 link_to( content_tag( 'span', profile_image( profile, size ), :class => 'profile-image' ) +
 content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
diff --git a/app/views/layouts/application-ng.html.erb b/app/views/layouts/application-ng.html.erb
index c48727b..5256a4a 100644
--- a/app/views/layouts/application-ng.html.erb
+++ b/app/views/layouts/application-ng.html.erb
@@ -21,6 +21,8 @@
+
+ <%= csrf_meta_tag %>
 <%= _("Go to the content") %>
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index 6c2ab93..5bc8613 100644
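Review bot: `profile.short_name` is still interpolated raw into the single-quoted JavaScript string of the `onclick` handler on the new line, while only `links.to_json` receives the `j()` escaping this commit adds; a short name containing a single quote or a backslash breaks out of that string in the same way the `links` value could before. `link_to` HTML-escapes the attribute value, but whether that escaping covers `'` depends on the Rails version in use, so escaping for the JavaScript context directly is the safer choice: `:onclick => "toggleSubmenu(this, '#{j(profile.short_name)}', #{j(links.to_json)}); return false"`. I am assuming `short_name` derives from user-editable profile data; if it is guaranteed to be a safe identifier, the change is merely defensive. The enclosing helper method starts before and ends after this hunk.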
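Review bot: The `csrf-token` meta tag is added only to the `application-ng` layout, but the header configured in `public/javascripts/application.js` is read from that tag on every page that loads the script, so any other layout that includes `application.js` (I cannot see from here whether one exists) would issue AJAX requests without a token and fail the forgery check after this change. Those layouts, or a shared head partial, would need the same `<%= csrf_meta_tag %>` line. From Rails 3.1 the helper is named `csrf_meta_tags`, with the singular kept as an alias; if the application is on that version, the plural name avoids depending on the alias. The markup surrounding the added lines is not visible in this hunk.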
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -508,7 +508,13 @@ function new_qualifier_row(selector, select_qualifiers, delete_button) {
 // controls the display of the login/logout stuff
 jQuery(function($) {
- $.ajaxSetup({cache: false});
+ $.ajaxSetup({
+ cache: false,
+ headers: {
+ 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
+ }
+ });
+
 $.getJSON('/account/user_data', function userDataCallBack(data) {
 if (data.login) {
 // logged in
-- libgit2 0.21.2
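Review bot: The `headers` entry added to `$.ajaxSetup` attaches the session's CSRF token to every jQuery AJAX request, including any cross-origin request the page makes, so the token would be handed to a third-party host if the site ever calls one through jQuery. The usual Rails pattern is a prefilter that sets the header only when `options.crossDomain` is false, which also skips the header when the meta tag is missing instead of sending an empty or undefined value; using `$.ajaxPrefilter` rather than a `beforeSend` in `ajaxSetup` means a per-request `beforeSend` cannot silently drop the token. Both `crossDomain` and `ajaxPrefilter` require jQuery 1.5 or later, and I cannot see which version the app ships. The `jQuery(function($) { … })` block continues past the end of the hunk.
```javascript
jQuery(function($) {
  var csrfToken = $('meta[name="csrf-token"]').attr('content');
  $.ajaxSetup({cache: false});
  // Attach the CSRF token to same-origin requests only; never leak it cross-origin.
  $.ajaxPrefilter(function(options, originalOptions, xhr) {
    if (!options.crossDomain && csrfToken) {
      xhr.setRequestHeader('X-CSRF-Token', csrfToken);
    }
  });
  // … unchanged: $.getJSON('/account/user_data', …) …
```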