
CSRF token fix

This commit is contained in:
magnolia-fan 2011-10-20 22:05:16 +04:00
parent 69b392b739
commit 0dc5f24c6c
4 changed files with 88 additions and 85 deletions


@ -14,6 +14,10 @@ $ ->
if l.hostname not in ['beathaven.org', 'dev.beathaven.org'] if l.hostname not in ['beathaven.org', 'dev.beathaven.org']
l.href = 'http://beathaven.org/'+ l.hash l.href = 'http://beathaven.org/'+ l.hash
$.ajaxSetup
beforeSend: (xhr) ->
xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))
window._beathaven = new BeatHaven() window._beathaven = new BeatHaven()
window._beathaven.init() window._beathaven.init()
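Review bot: The `beforeSend` hook registered through `$.ajaxSetup` attaches the `X-CSRF-Token` header to every jQuery request, not only those to this application, so a request sent to another origin would carry the session's token to that host. Limiting it to same-origin requests is a one-line change: `xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content')) unless settings.crossDomain`, with the callback taking `(xhr, settings)`. This assumes the bundled jQuery is 1.5 or later, where `settings.crossDomain` exists. The same concern applies to the `q_params.authenticity_token` line added to `Session.query`, which places the token in the POST body for whatever `url` the caller supplies; whether any caller passes an external URL is not visible from this page. With the header set globally, that body parameter also looks redundant, and the meta-tag lookup is now duplicated in two files, so a single small helper would keep them in step.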


@ -13,8 +13,6 @@ class window.Session
setUser: (user) -> setUser: (user) ->
@user = user @user = user
_beathaven.lang = @user.lang || 'ru'
_beathaven.localizeHTML()
false false
getUser: -> getUser: ->
@ -22,6 +20,7 @@ class window.Session
query: (url, params, callback) -> query: (url, params, callback) ->
q_params = $.extend {}, @vk_params, params q_params = $.extend {}, @vk_params, params
q_params.authenticity_token = $('meta[name="csrf-token"]').attr('content')
$.post url, q_params, callback $.post url, q_params, callback
false false


@ -8,7 +8,6 @@ class window.Vkontakte
@api_id @api_id
init: -> init: ->
window.vkAsyncInit = -> window.vkAsyncInit = ->
VK.init apiId: _vkontakte.getApiId() VK.init apiId: _vkontakte.getApiId()
VK.Auth.getLoginStatus (response) -> VK.Auth.getLoginStatus (response) ->


@ -3,6 +3,7 @@
%head %head
%title BeatHaven %title BeatHaven
%meta{ :charset => "utf-8" } %meta{ :charset => "utf-8" }
%meta{ :name => 'csrf-token', :content => form_authenticity_token }
%link{ :rel => "shortcut icon", :href => "/favicon.ico" } %link{ :rel => "shortcut icon", :href => "/favicon.ico" }
= stylesheet_link_tag "application" = stylesheet_link_tag "application"
= javascript_include_tag "application" = javascript_include_tag "application"
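Review bot: The hand-written `%meta{ :name => 'csrf-token', :content => form_authenticity_token }` line reimplements part of what the framework helper already emits, and it is rendered unconditionally. Using `= csrf_meta_tags` (`csrf_meta_tag` on Rails 3.0.x; the Rails version is not visible here) also outputs the companion `csrf-param` tag and emits nothing when forgery protection is switched off. If the hand-written tag is kept, it would help to add a comment such as `-# must not be page- or fragment-cached: the token is per-session`, since a cached copy of this layout would hand one user's token to others or leave clients with a stale one.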