Fix HTTP caching and logins with rails 4

Since all cookies should be dropped for unauthenticated users, you cannot expect the XSRF cookie to be present to allow users to login!

Fix HTTP caching and logins with rails 4
Since all cookies should be dropped for unauthenticated users, you cannot expect the XSRF cookie to be present to allow users to login!
Antonio Terceiro
1 parent 9ff5859c
Showing 2 changed files with 2 additions and 1 deletions Show diff stats
app/controllers/public/account_controller.rb
vendor/plugins/noosfero_caching/init.rb
@@ -6,6 +6,8 @@ class AccountController &lt; ApplicationController
   before_filter :redirect_if_logged_in, :only => [:login, :signup]
   before_filter :protect_from_bots, :only => :signup
  
+  protect_from_forgery except: [:login]
+
   helper CustomFieldsHelper
   # say something nice, you goof!  something sweet.
   def index
@@ -27,7 +27,6 @@ module NoosferoHttpCaching
   end
  
   def noosfero_session_check
-    return unless params[:controller] == 'account'
     headers["X-Noosfero-Auth"] = (session[:user] != nil).to_s
   end
...	...	@@ -6,6 +6,8 @@ class AccountController < ApplicationController
6	6	before_filter :redirect_if_logged_in, :only => [:login, :signup]
7	7	before_filter :protect_from_bots, :only => :signup
8	8
	9	+ protect_from_forgery except: [:login]
	10	+
9	11	helper CustomFieldsHelper
10	12	# say something nice, you goof! something sweet.
11	13	def index
...	...
...	...	@@ -27,7 +27,6 @@ module NoosferoHttpCaching
27	27	end
28	28
29	29	def noosfero_session_check
30		- return unless params[:controller] == 'account'
31	30	headers["X-Noosfero-Auth"] = (session[:user] != nil).to_s
32	31	end
33	32
...	...