Permalink
Browse files

small fix for CSRF tokens

  • Loading branch information...
1 parent caabad7 commit f51fb627b837b4c9f1b43c21f6ff91e1667edb7b @homakov homakov committed Apr 25, 2012
Showing with 7 additions and 0 deletions.
  1. +7 −0 src/rails.js
View
@@ -374,4 +374,11 @@
if (this == event.target) rails.enableFormElements($(this));
});
+ $(function(){
+ // making sure that all forms have actual up-to-date token(cached forms contain old one)
+ csrf_token = $('meta[name=csrf-token]').attr('content');
+ csrf_param = $('meta[name=csrf-param]').attr('content');
+ $('form input[name='+csrf_param+']').val(csrf_token);
+ });
+
})( jQuery );

1 comment on commit f51fb62

bsingr commented on f51fb62 Dec 5, 2012

I wonder if there is a better solution to support cached forms.

We cached the token in the meta tag by accident. However, we didn't notice, because the forms had always the correct token.

After updating jquery-ujs, the wrong (cached) token was copied from meta tag to the forms. So it stopped working.

Of course, we did a mistake there. But it's non-trivial to find out what is going on here and I'd prefer a less magical solution if there is one...

Please sign in to comment.