1
0
Fork 0
forked from OpenNeo/impress
Commit graph

5 commits

Author SHA1 Message Date
5cec28e29b fix logout bug: stop caching authenticity_token fields
Many forms on the site contain a hidden authenticity_token field,
unique to each visitory. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.

So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00
72237f225c modeling hub 2012-08-06 21:15:31 -04:00
b7fb5a952b Revert "implement head.js"
This reverts commit 12ffa33f4f.
2010-12-06 18:50:13 -05:00
12ffa33f4f implement head.js 2010-12-05 21:18:52 -05:00
2d550724f0 bulk add pets 2010-11-05 20:09:03 -04:00