forked from OpenNeo/impress
Dress to Impress, a big fancy Neopets customization tool!
Matchu
5cec28e29b
Many forms on the site contain a hidden authenticity_token field, unique to each visitor. If a user submits a request with an invalid authenticity_token, Rails assumes that it's a CSRF attempt and logs out the user. So, if we happen to cache those forms with authenticity_token fields, all users who use that form will have the same authenticity_token (valid for only the first user who saw the form, invalid for everyone else), and all requests made through that form will log out the user. Bad news. So, we stopped caching those forms. Yay!

app
autotest
config
db
doc
lib
public
script
spec
test
tmp
vendor
.gitignore
config.ru
Gemfile
Gemfile.lock
LICENSE
Rakefile
README

An extension of Dress to Impress (PHP) that runs on Ruby on Rails. I wanted to use Rails initially for Impress, but hoped that using PHP would allow me to attract more developers. Looks like that wasn't the case, so I just went with what I loved and made the items database in Rails. Future Impress sections will likely find themselves in this project, rather than the PHP project.
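
The failure mode described in the commit message above (a cached form carrying one visitor's authenticity_token), shown as an added Ruby sketch that is not code from this repository. The `Session` class, `FRAGMENT_CACHE`, and the helper names are assumptions standing in for Rails' session and cache layers.

```ruby
require "securerandom"

# Stand-in for a Rails session; names and structure are assumptions for this sketch.
class Session
  attr_reader :name, :csrf_token

  def initialize(name)
    @name = name
    @csrf_token = SecureRandom.hex(32) # unique per visitor
    @logged_in = true
  end

  def logged_in?
    @logged_in
  end

  # As the commit message describes: a mismatched token is treated as a CSRF
  # attempt and the user is logged out. XOR-sum avoids an early-exit compare.
  def submit(token)
    token = token.to_s
    ok = token.bytesize == csrf_token.bytesize &&
         token.bytes.zip(csrf_token.bytes).sum { |a, b| a ^ b }.zero?
    @logged_in = false unless ok
    ok
  end
end

FRAGMENT_CACHE = {} # shared by every visitor, like a page or fragment cache

def render_form(session)
  %(<form method="post"><input type="hidden" name="authenticity_token" ) +
    %(value="#{session.csrf_token}"></form>)
end

def token_in(html)
  html[/name="authenticity_token" value="([^"]*)"/, 1]
end

# Guard a cache layer could apply: never store markup that embeds a per-user token.
def safe_to_cache?(html)
  !html.include?('name="authenticity_token"')
end

# Two constructed visitors load the form and submit it; returns who is still logged in.
def simulate(cache:)
  FRAGMENT_CACHE.clear
  %w[alice bob].map do |name|
    session = Session.new(name)
    html = cache ? (FRAGMENT_CACHE[:form] ||= render_form(session)) : render_form(session)
    session.submit(token_in(html))
    [name, session.logged_in?]
  end.to_h
end
```

With `cache: true` the second visitor receives the first visitor's token and is logged out on submit; with `cache: false` both stay logged in.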