From 0dc5f24c6cfb5ad66ee0d63b54dabd9f44f0be8c Mon Sep 17 00:00:00 2001
From: magnolia-fan
Date: Thu, 20 Oct 2011 22:05:16 +0400
Subject: [PATCH] CSRF token fix
---
 app/assets/javascripts/beathaven.coffee | 168 ++++++++++++------------
 app/assets/javascripts/session.coffee | 3 +-
 app/assets/javascripts/vkontakte.coffee | 1 -
 app/views/layouts/application.html.haml | 1 +
 4 files changed, 88 insertions(+), 85 deletions(-)
diff --git a/app/assets/javascripts/beathaven.coffee b/app/assets/javascripts/beathaven.coffee
index 7f8779f..ad42a50 100644
--- a/app/assets/javascripts/beathaven.coffee
+++ b/app/assets/javascripts/beathaven.coffee
@@ -10,91 +10,95 @@ window._page = null window._settings = null $ -> - l = document.location - if l.hostname not in ['beathaven.org', 'dev.beathaven.org'] - l.href = 'http://beathaven.org/'+ l.hash - - window._beathaven = new BeatHaven() - window._beathaven.init() + l = document.location + if l.hostname not in ['beathaven.org', 'dev.beathaven.org'] + l.href = 'http://beathaven.org/'+ l.hash + + $.ajaxSetup + beforeSend: (xhr) -> + xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content')) + + window._beathaven = new BeatHaven() + window._beathaven.init() class window.BeatHaven - - last_height: false - lang: 'ru' - - init: -> - window._vkontakte = new Vkontakte(2335068) - window._vkontakte.init() - window._vk_music = new VkontakteMusic - - window._ajax = new Ajax() - - window._player = new Player() - window._player.initJplayer() - - window._search = new Search() - - window._page = new Page() - - window._settings = new Settings() - - this.setupAutocomplete() - - false - - setupAutocomplete: -> - $('#search').first().bh_autocomplete - serviceUrl: '/artist/autocomplete' # Страница для обработки запросов автозаполнения - minChars: 3 # Минимальная длина запроса для срабатывания автозаполнения - delimiter: /(,|;)\s*/ # Разделитель для нескольких запросов, символ или регулярное выражение - maxHeight: 400 # Максимальная высота списка подсказок, в пикселях - width: 415 # Ширина списка - zIndex: 9999 # z-index списка - deferRequestBy: 500 # Задержка запроса (мсек) - containerId: 'autocomplete-container' - containerItemsId: 'autocomplete-items' - onSelect: -> - _search.loadArtistData $('#search').val() - - localizeHTML: (obj, lang) -> - unless obj? - obj = $('body') - unless lang? - lang = _beathaven.lang - $(obj).find('[data-ls]').each -> - if _locale[$(this).attr 'data-ls']? and _locale[$(this).attr 'data-ls'][lang]? 
- if this.nodeName is 'INPUT' - $(this).val _locale[$(this).attr 'data-ls'][lang] - else - $(this).text _locale[$(this).attr 'data-ls'][lang] - return obj - - ls: (id, lang) -> - unless lang? - lang = _beathaven.lang - if _locale[id]? and _locale[id][lang]? - _locale[id][lang] - else - id + + last_height: false + lang: 'ru' + + init: -> + window._vkontakte = new Vkontakte(2335068) + window._vkontakte.init() + window._vk_music = new VkontakteMusic + + window._ajax = new Ajax() + + window._player = new Player() + window._player.initJplayer() + + window._search = new Search() + + window._page = new Page() + + window._settings = new Settings() + + this.setupAutocomplete() + + false + + setupAutocomplete: -> + $('#search').first().bh_autocomplete + serviceUrl: '/artist/autocomplete' # Страница для обработки запросов автозаполнения + minChars: 3 # Минимальная длина запроса для срабатывания автозаполнения + delimiter: /(,|;)\s*/ # Разделитель для нескольких запросов, символ или регулярное выражение + maxHeight: 400 # Максимальная высота списка подсказок, в пикселях + width: 415 # Ширина списка + zIndex: 9999 # z-index списка + deferRequestBy: 500 # Задержка запроса (мсек) + containerId: 'autocomplete-container' + containerItemsId: 'autocomplete-items' + onSelect: -> + _search.loadArtistData $('#search').val() + + localizeHTML: (obj, lang) -> + unless obj? + obj = $('body') + unless lang? + lang = _beathaven.lang + $(obj).find('[data-ls]').each -> + if _locale[$(this).attr 'data-ls']? and _locale[$(this).attr 'data-ls'][lang]? + if this.nodeName is 'INPUT' + $(this).val _locale[$(this).attr 'data-ls'][lang] + else + $(this).text _locale[$(this).attr 'data-ls'][lang] + return obj + + ls: (id, lang) -> + unless lang? + lang = _beathaven.lang + if _locale[id]? and _locale[id][lang]? 
+ _locale[id][lang]
+ else
+ id
 String::htmlsafe = ->
- replaces = [
- ["\\", "\\\\"]
- ["\"", """]
- ["<", "<"]
- [">", ">"]
- ]
- str = this
- for item in replaces
- str = str.replace item[0], item[1]
- str
+ replaces = [
+ ["\\", "\\\\"]
+ ["\"", """]
+ ["<", "<"]
+ [">", ">"]
+ ]
+ str = this
+ for item in replaces
+ str = str.replace item[0], item[1]
+ str
 String::trim = ->
- str = this
- while str.indexOf(' ') != -1
- str = str.replace(' ', ' ')
- if str.charAt(0) == ' '
- str = str.substring 1
- if str.charAt(str.length - 1) == ' '
- str = str.substring(0, str.length - 1)
- str
+ str = this
+ while str.indexOf(' ') != -1
+ str = str.replace(' ', ' ')
+ if str.charAt(0) == ' '
+ str = str.substring 1
+ if str.charAt(str.length - 1) == ' '
+ str = str.substring(0, str.length - 1)
+ str
diff --git a/app/assets/javascripts/session.coffee b/app/assets/javascripts/session.coffee
index c40d92a..e8bdb57 100644
--- a/app/assets/javascripts/session.coffee
+++ b/app/assets/javascripts/session.coffee
@@ -13,8 +13,6 @@ class window.Session
 setUser: (user) ->
 @user = user
- _beathaven.lang = @user.lang || 'ru'
- _beathaven.localizeHTML()
 false
 getUser: ->
@@ -22,6 +20,7 @@ class window.Session
 query: (url, params, callback) ->
 q_params = $.extend {}, @vk_params, params
+ q_params.authenticity_token = $('meta[name="csrf-token"]').attr('content')
 $.post url, q_params, callback
 false
diff --git a/app/assets/javascripts/vkontakte.coffee b/app/assets/javascripts/vkontakte.coffee
index a1dcaba..1ad907f 100644
--- a/app/assets/javascripts/vkontakte.coffee
+++ b/app/assets/javascripts/vkontakte.coffee
@@ -8,7 +8,6 @@ class window.Vkontakte
 @api_id
 init: ->
- window.vkAsyncInit = ->
 VK.init apiId: _vkontakte.getApiId()
 VK.Auth.getLoginStatus (response) ->
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index 5c83439..2a7446b 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
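Review bot: The `beforeSend` hook added to `$.ajaxSetup` at the top of this hunk attaches the session's CSRF token to every jQuery request, cross-origin ones included, so any third-party endpoint the app reaches through `$.ajax`/`$.post` would receive it; jQuery passes the request settings as the second argument, so restrict it to same-origin calls: `beforeSend: (xhr, settings) ->` / `  xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content')) unless settings.crossDomain`. The same token is also copied into the POST body as `authenticity_token` in `Session.query` (session.coffee hunk at line 20), which is redundant once the header is set globally and extends the same exposure to whatever `url` that method is handed. Separately, `String::htmlsafe` (re-indented here, logic unchanged) calls `str.replace item[0], item[1]` with a string pattern, which replaces only the first occurrence, so a value containing a second `<`, `>` or `"` comes back partly unescaped; use a global regex per entry or `str = str.split(item[0]).join(item[1])`. Nearly all of this hunk is a whitespace-only re-indent, which buries the one functional change; landing the re-indent as its own commit would make the CSRF change reviewable on its own. The `$ ->` handler and the `BeatHaven` class both start inside the hunk, but the file's first nine lines are outside it.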
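Review bot: Removing the `window.vkAsyncInit = ->` wrapper in the vkontakte.coffee hunk makes `VK.init` run synchronously inside `Vkontakte.init`, so the `VK` global must already exist when `_beathaven.init()` calls it; judging by the name, `vkAsyncInit` is the callback the VK SDK invokes once its asynchronously loaded script is ready, so if that script is still included with `async` the call will now throw a ReferenceError on a cold page load (inferred, not visible in the patch — confirm how the SDK is loaded in the layout). If the wrapper is dropped on purpose, record the new ordering requirement on the method: `# Requires the VK SDK script to be loaded synchronously before _beathaven.init() runs`. The body of `init` continues past the end of the hunk.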
@@ -3,6 +3,7 @@
 %head
 %title BeatHaven
 %meta{ :charset => "utf-8" }
+ %meta{ :name => 'csrf-token', :content => form_authenticity_token }
 %link{ :rel => "shortcut icon", :href => "/favicon.ico" }
 = stylesheet_link_tag "application"
 = javascript_include_tag "application"
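Review bot: The hand-written meta tag on the added line only emits `csrf-token`; the Rails `csrf_meta_tags` helper emits both `csrf-param` and `csrf-token` (and is what `jquery_ujs` reads to patch `$.ajax` on its own), so `= csrf_meta_tags` is the conventional replacement for this line and keeps the layout in step with the framework if the token scheme changes. The value is inserted as a HAML attribute, which is HTML-escaped by default, so `form_authenticity_token` itself raises no injection concern here. Note that neither the header nor the `authenticity_token` param is verified unless `protect_from_forgery` is enabled in the controller, which is outside this patch; confirm it is, since with it off the fix is inert.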