fix logout bug: stop caching authenticity_token fields
Many forms on the site contain a hidden authenticity_token field, unique to each visitory. If a user submits a request with an invalid authenticity_token, Rails assumes that it's a CSRF attempt and logs out the user. So, if we happen to cache those forms with authenticity_token fields, all users who use that form will have the same authenticity_token (valid for only the first user who saw the form, invalid for everyone else), and all requests made through that form will log out the user. Bad news. So, we stopped caching those forms. Yay!
This commit is contained in:
parent
72237f225c
commit
5cec28e29b
2 changed files with 34 additions and 30 deletions
|
@ -28,8 +28,8 @@
|
|||
= pet_attribute_select 'species', @species
|
||||
%input{:type => "submit", :value => "Go"}
|
||||
|
||||
- cache :action_suffix => 'sections_and_description' do
|
||||
%ul#sections
|
||||
%ul#sections
|
||||
- cache :action_suffix => 'your_items_module' do
|
||||
%li#your-items-module
|
||||
= link_to image_tag('your_items.png'), your_items_path
|
||||
%h3
|
||||
|
@ -43,6 +43,7 @@
|
|||
= text_field_tag 'name', '', :placeholder => raw('find a user…'), :type => 'search'
|
||||
= submit_tag 'search'
|
||||
|
||||
- cache :action_suffix => 'infinite_closet_module' do
|
||||
%li
|
||||
%a{:href => items_path}
|
||||
= image_tag 'items.png'
|
||||
|
@ -85,7 +86,8 @@
|
|||
%span#latest-contribution-created-at{:title => @latest_contribution.created_at.to_s}
|
||||
#{time_ago_in_words @latest_contribution.created_at} ago
|
||||
|
||||
#whats-new
|
||||
- cache :action_suffix => 'whats_new' do
|
||||
#whats-new
|
||||
#blog-preview
|
||||
%h2
|
||||
%div
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
- title 'Modeling Hub'
|
||||
|
||||
- cache do
|
||||
= form_tag load_pet_path, :id => 'needed-items-form' do
|
||||
= form_tag load_pet_path, :id => 'needed-items-form' do
|
||||
- cache :action_suffix => 'needed_items_content' do
|
||||
%h3 Looking for ways to contribute?
|
||||
|
||||
%p
|
||||
|
@ -27,7 +27,8 @@
|
|||
|
||||
%ul#needed-items-pet-items
|
||||
|
||||
= form_tag load_pet_path, :id => 'bulk-pets-form' do
|
||||
= form_tag load_pet_path, :id => 'bulk-pets-form' do
|
||||
- cache :action_suffix => 'bulk_pets_content' do
|
||||
%h3 Model pets in bulk
|
||||
|
||||
%p
|
||||
|
@ -46,6 +47,7 @@
|
|||
%button#bulk-pets-form-clear{:type => "button"} Clear
|
||||
%ul
|
||||
|
||||
- cache :action_suffix => 'item_template' do
|
||||
%script#item-template{:type => 'text/x-jquery-tmpl'}
|
||||
%li{:class => 'object{{if owned}} owned{{/if}}'}
|
||||
= link_to item_path(':id').sub(':id', '${id}') do
|
||||
|
|
Loading…
Reference in a new issue