fix issue with csrf_param in wardrobe ajax

Due to a silly slip-up involving Javascript object literal syntax, we were sending {csrf_param: "token"} instead of {authenticity_token: "token"} with wardrobe AJAX requests. This would cause users to be auto-logged-out for failing to provide a proper token. Oops.
2012-01-14 12:35:05 -06:00 · 2012-01-14 12:35:05 -06:00 · abcf70a0c4
commit abcf70a0c4
parent 686d6560c4
2 changed files with 13 additions and 2 deletions
--- a/app/controllers/outfits_controller.rb
+++ b/app/controllers/outfits_controller.rb
@ -2,11 +2,18 @@ class OutfitsController < ApplicationController
  before_filter :find_authorized_outfit, :only => [:update, :destroy]

  def create
+    Rails.logger.debug "Signed in?: #{user_signed_in?}"
+    Rails.logger.debug "User 1: #{current_user.inspect}"
    @outfit = Outfit.build_for_user(current_user, params[:outfit])
+    Rails.logger.debug "User 2: #{current_user.inspect}"
    if @outfit.save
+      Rails.logger.debug "User 3: #{current_user.inspect}"
      render :json => @outfit.id
+      Rails.logger.debug "User 4: #{current_user.inspect}"
    else
+      Rails.logger.debug "User 5: #{current_user.inspect}"
      render_outfit_errors
+      Rails.logger.debug "User 6: #{current_user.inspect}"
    end
  end

--- a/public/javascripts/outfits/edit.js
+++ b/public/javascripts/outfits/edit.js
@ -1,8 +1,12 @@
 (function () {
  var csrf_param = $('meta[name=csrf-param]').attr('content'),
-    csrf_token = $('meta[name=csrf-token]').attr('content');
+    csrf_token = $('meta[name=csrf-token]').attr('content'),
+    data = {};
+
+  data[csrf_param] = csrf_token;
+
  $.ajaxSetup({
-    data: {csrf_param: csrf_token}
+    data: data
  });
 })();