Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

small fix for CSRF tokens

  • Loading branch information...
commit f51fb627b837b4c9f1b43c21f6ff91e1667edb7b 1 parent caabad7
@homakov homakov authored
Showing with 7 additions and 0 deletions.
  1. +7 −0 src/rails.js
View
7 src/rails.js
@@ -374,4 +374,11 @@
if (this == event.target) rails.enableFormElements($(this));
});
+ $(function(){
+ // making sure that all forms have actual up-to-date token(cached forms contain old one)
+ csrf_token = $('meta[name=csrf-token]').attr('content');
+ csrf_param = $('meta[name=csrf-param]').attr('content');
+ $('form input[name='+csrf_param+']').val(csrf_token);
+ });
+
})( jQuery );

1 comment on commit f51fb62

@bsingr

I wonder if there is a better solution to support cached forms.

We cached the token in the meta tag by accident. However, we didn't notice, because the forms had always the correct token.

After updating jquery-ujs, the wrong (cached) token was copied from meta tag to the forms. So it stopped working.

Of course, we did a mistake there. But it's non-trivial to find out what is going on here and I'd prefer a less magical solution if there is one...

Please sign in to comment.
Something went wrong with that request. Please try again.