AO3-5153: New approach to fixing auth tokens dynamically (#3039)

otwcode · Sep 10, 2017 · e35a720 · e35a720
1 parent 6e05289
commit e35a720
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 1 deletion.
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
@@ -1,6 +1,6 @@
 class HomeController < ApplicationController
 
-  skip_before_action :store_location, only: [:first_login_help]
+  skip_before_action :store_location, only: [:first_login_help, :token_dispenser]
 
   # unicorn_test
   def unicorn_test
@@ -25,6 +25,13 @@ def dmca
   def lost_cookie
     render action: 'lost_cookie', layout: 'application'
   end
+
+  # for updating form tokens on cached pages
+  def token_dispenser
+    respond_to do |format|
+      format.json { render json: { token: form_authenticity_token } }
+    end
+  end
 
   # diversity statement
   def diversity 

diff --git a/config/routes.rb b/config/routes.rb
@@ -561,6 +561,7 @@
   get 'site_map' => 'home#site_map'
   get 'site_pages' => 'home#site_pages'
   get 'first_login_help' => 'home#first_login_help'
+  get 'token_dispenser' => 'home#token_dispenser'
   get 'delete_confirmation' => 'users#delete_confirmation'
   get 'activate/:id' => 'users#activate', as: 'activate'
   get 'devmode' => 'devmode#index'

diff --git a/public/javascripts/application.js b/public/javascripts/application.js
@@ -11,6 +11,7 @@ $j(document).ready(function() {
     attachCharacterCounters();
     setupAccordion();
     setupDropdown();
+    updateCachedTokens();
 
     // remove final comma from comma lists in older browsers
     $j('.commas li:last-child').addClass('last');
@@ -643,3 +644,18 @@ function thermometer() {
     }
   });
 }
+
+function updateCachedTokens() {
+  // we only do full page caching when users are logged out
+  if ($j('#small_login').length > 0) {
+    $j.getJSON("/token_dispenser.json", function( data ) {
+      var token = data.token;
+      //set token on fields
+      $j('input[name=authenticity_token]').each(function(){
+        $j(this).attr('value', token);
+      });
+      $j('meta[name=csrf-token]').attr('value', token);
+      console.log("I got a token: " + token);
+    });
+  }
+}