From abcf70a0c4743537601d44ceb53ebe1ed65480ac Mon Sep 17 00:00:00 2001
From: Matchu
Date: Sat, 14 Jan 2012 12:35:05 -0600
Subject: [PATCH] fix issue with csrf_param in wardrobe ajax

Due to a silly slip-up involving Javascript object literal syntax, we were sending {csrf_param: "token"} instead of {authenticity_token: "token"} with wardrobe AJAX requests. This would cause users to be auto-logged-out for failing to provide a proper token. Oops.
---
 app/controllers/outfits_controller.rb | 7 +++++++
 public/javascripts/outfits/edit.js | 8 ++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/app/controllers/outfits_controller.rb b/app/controllers/outfits_controller.rb
index 4b69a0cb..0ea71a19 100644
--- a/app/controllers/outfits_controller.rb
+++ b/app/controllers/outfits_controller.rb
@@ -2,11 +2,18 @@ class OutfitsController < ApplicationController
 before_filter :find_authorized_outfit, :only => [:update, :destroy]
 def create
+ Rails.logger.debug "Signed in?: #{user_signed_in?}"
+ Rails.logger.debug "User 1: #{current_user.inspect}"
 @outfit = Outfit.build_for_user(current_user, params[:outfit])
+ Rails.logger.debug "User 2: #{current_user.inspect}"
 if @outfit.save
+ Rails.logger.debug "User 3: #{current_user.inspect}"
 render :json => @outfit.id
+ Rails.logger.debug "User 4: #{current_user.inspect}"
 else
+ Rails.logger.debug "User 5: #{current_user.inspect}"
 render_outfit_errors
+ Rails.logger.debug "User 6: #{current_user.inspect}"
 end
 end
diff --git a/public/javascripts/outfits/edit.js b/public/javascripts/outfits/edit.js
index 1477e576..2a1a0ce1 100644
--- a/public/javascripts/outfits/edit.js
+++ b/public/javascripts/outfits/edit.js
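Review bot: The `Rails.logger.debug` lines added to `create` in outfits_controller.rb interpolate `current_user.inspect`, which writes the whole user record into the log on every outfit save; whatever that model holds (e-mail address, password digest or token columns, if it has any) would then sit in log files wherever the debug level is enabled. They read like leftover troubleshooting for the logout bug rather than part of the fix described in the commit message, and the two placed after `render` and `render_outfit_errors` do nothing for the response. I would drop them, or keep a single trace that records only the identifier and is built lazily, e.g. `Rails.logger.debug { "outfits#create user_id=#{current_user.try(:id)}" }`. The `create` action is fully visible in this hunk; the rest of the controller is outside it.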
@@ -1,8 +1,12 @@ (function () { var csrf_param = $('meta[name=csrf-param]').attr('content'), - csrf_token = $('meta[name=csrf-token]').attr('content'); + csrf_token = $('meta[name=csrf-token]').attr('content'), + data = {}; + + data[csrf_param] = csrf_token; + $.ajaxSetup({ - data: {csrf_param: csrf_token} + data: data }); })();
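Review bot: `$.ajaxSetup({data: data})` attaches the CSRF token to the data of every jQuery request the page makes, so on GET requests it is serialised into the query string (and from there into access logs and browser history), and it would also accompany any request sent to another origin. It is also only a default: as far as I know, a call that passes its own `data` as a pre-serialised string replaces it, and that request goes out without the token, which is the logout symptom this commit is fixing. If the Rails and jQuery versions in use allow it, sending the token as an `X-CSRF-Token` header on same-origin requests avoids both problems; a sketch follows. Separately, a missing `csrf-param` meta tag would make `data[csrf_param]` create a key named `undefined`, so a guard on the values read from the meta tags is worth adding.

```javascript
// … unchanged: csrf_token read from the csrf-token meta tag …
if (csrf_token) {
  $.ajaxPrefilter(function (options, originalOptions, xhr) {
    // Same-origin only, so the token is never sent to another host.
    if (!options.crossDomain) {
      xhr.setRequestHeader('X-CSRF-Token', csrf_token);
    }
  });
}
```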