impress

History

Matchu 5cec28e29b fix logout bug: stop caching authenticity_token fields Many forms on the site contain a hidden authenticity_token field, unique to each visitory. If a user submits a request with an invalid authenticity_token, Rails assumes that it's a CSRF attempt and logs out the user. So, if we happen to cache those forms with authenticity_token fields, all users who use that form will have the same authenticity_token (valid for only the first user who saw the form, invalid for everyone else), and all requests made through that form will log out the user. Bad news. So, we stopped caching those forms. Yay!	2012-08-07 17:32:51 -04:00
..
bulk.html.haml	fix logout bug: stop caching authenticity_token fields	2012-08-07 17:32:51 -04:00

Matchu 5cec28e29b fix logout bug: stop caching authenticity_token fields

Many forms on the site contain a hidden authenticity_token field,
unique to each visitory. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.

So, we stopped caching those forms. Yay!

2012-08-07 17:32:51 -04:00

bulk.html.haml

fix logout bug: stop caching authenticity_token fields

2012-08-07 17:32:51 -04:00