forked from OpenNeo/impress

fix issue with csrf_param in wardrobe ajax

Due to a silly slip-up involving Javascript object literal syntax, we were
sending {csrf_param: "token"} instead of {authenticity_token: "token"} with
wardrobe AJAX requests. This would cause users to be auto-logged-out for
failing to provide a proper token. Oops.
Emi Matchu 2012-01-14 12:35:05 -06:00
parent 686d6560c4
commit abcf70a0c4
2 changed files with 13 additions and 2 deletions


@ -2,11 +2,18 @@ class OutfitsController < ApplicationController
before_filter :find_authorized_outfit, :only => [:update, :destroy] before_filter :find_authorized_outfit, :only => [:update, :destroy]
def create def create
Rails.logger.debug "Signed in?: #{user_signed_in?}"
Rails.logger.debug "User 1: #{current_user.inspect}"
@outfit = Outfit.build_for_user(current_user, params[:outfit]) @outfit = Outfit.build_for_user(current_user, params[:outfit])
Rails.logger.debug "User 2: #{current_user.inspect}"
if @outfit.save if @outfit.save
Rails.logger.debug "User 3: #{current_user.inspect}"
render :json => @outfit.id render :json => @outfit.id
Rails.logger.debug "User 4: #{current_user.inspect}"
else else
Rails.logger.debug "User 5: #{current_user.inspect}"
render_outfit_errors render_outfit_errors
Rails.logger.debug "User 6: #{current_user.inspect}"
end end
end end
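Review bot: The seven `Rails.logger.debug` lines added to `create` look like leftover debugging and are unrelated to the CSRF parameter fix the commit message describes; `current_user.inspect` also dumps every attribute of the user record into the log on each outfit save. I would drop them from this commit. If a trace is still needed while diagnosing the logout, log only an identifier such as `current_user.try(:id)`, and note that the calls placed after `render` ("User 4", "User 6") add nothing the earlier ones do not already show.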


@ -1,8 +1,12 @@
(function () { (function () {
var csrf_param = $('meta[name=csrf-param]').attr('content'), var csrf_param = $('meta[name=csrf-param]').attr('content'),
csrf_token = $('meta[name=csrf-token]').attr('content'); csrf_token = $('meta[name=csrf-token]').attr('content'),
data = {};
data[csrf_param] = csrf_token;
$.ajaxSetup({ $.ajaxSetup({
data: {csrf_param: csrf_token} data: data
}); });
})(); })();
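Review bot: `$.ajaxSetup({ data: data })` makes the token a default parameter on every jQuery AJAX request from the page, so it is also appended to GET query strings, and it is lost whenever a caller passes `data` as a pre-serialized string, which replaces the default instead of merging with it. Consider sending the token in the `X-CSRF-Token` request header from a `beforeSend` hook limited to same-origin, non-GET requests. Separately, `data[csrf_param] = csrf_token` has no guard for a page where either meta tag is missing, in which case the key becomes `undefined`; checking both values before calling `$.ajaxSetup` would avoid sending a malformed parameter.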