forked from OpenNeo/impress
fix issue with csrf_param in wardrobe ajax
Due to a silly slip-up involving Javascript object literal syntax, we were sending {csrf_param: "token"} instead of {authenticity_token: "token"} with wardrobe AJAX requests. This would cause users to be auto-logged-out for failing to provide a proper token. Oops.
This commit is contained in:
parent
686d6560c4
commit
abcf70a0c4
2 changed files with 13 additions and 2 deletions
|
@ -2,11 +2,18 @@ class OutfitsController < ApplicationController
|
|||
before_filter :find_authorized_outfit, :only => [:update, :destroy]
|
||||
|
||||
def create
|
||||
Rails.logger.debug "Signed in?: #{user_signed_in?}"
|
||||
Rails.logger.debug "User 1: #{current_user.inspect}"
|
||||
@outfit = Outfit.build_for_user(current_user, params[:outfit])
|
||||
Rails.logger.debug "User 2: #{current_user.inspect}"
|
||||
if @outfit.save
|
||||
Rails.logger.debug "User 3: #{current_user.inspect}"
|
||||
render :json => @outfit.id
|
||||
Rails.logger.debug "User 4: #{current_user.inspect}"
|
||||
else
|
||||
Rails.logger.debug "User 5: #{current_user.inspect}"
|
||||
render_outfit_errors
|
||||
Rails.logger.debug "User 6: #{current_user.inspect}"
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
(function () {
|
||||
var csrf_param = $('meta[name=csrf-param]').attr('content'),
|
||||
csrf_token = $('meta[name=csrf-token]').attr('content');
|
||||
csrf_token = $('meta[name=csrf-token]').attr('content'),
|
||||
data = {};
|
||||
|
||||
data[csrf_param] = csrf_token;
|
||||
|
||||
$.ajaxSetup({
|
||||
data: {csrf_param: csrf_token}
|
||||
data: data
|
||||
});
|
||||
})();
|
||||
|
||||
|
|
Loading…
Reference in a new issue