Merge pull request #5042 from betagouv/attempt-to-fix-invalid-auth-tokens
Tentative de correction des erreurs ActionController::InvalidAuthenticityToken à l'upload
This commit is contained in:
commit
ebfa294755
2 changed files with 18 additions and 6 deletions
|
@ -1,7 +1,7 @@
|
|||
%ul.footer-row.footer-bottom-line.footer-site-links
|
||||
%li>= link_to "Accessibilité", accessibilite_path
|
||||
%li>= link_to "CGU", CGU_URL, target: "_blank", rel: "noopener noreferrer"
|
||||
%li>= link_to "Mentions légales", MENTIONS_LEGALES_URL, target: "_blank", rel: "noopener noreferrer"
|
||||
%li>= link_to 'Documentation', DOC_URL
|
||||
%li>= contact_link "Contact technique", dossier_id: dossier&.id
|
||||
%li>= link_to 'Aide', FAQ_URL
|
||||
%li.footer-link-accessibilite>= link_to "Accessibilité", accessibilite_path
|
||||
%li.footer-link-cgu>= link_to "CGU", CGU_URL, target: "_blank", rel: "noopener noreferrer"
|
||||
%li.footer-link-mentions-legales>= link_to "Mentions légales", MENTIONS_LEGALES_URL, target: "_blank", rel: "noopener noreferrer"
|
||||
%li.footer-link-doc>= link_to 'Documentation', DOC_URL
|
||||
%li.footer-link-contact>= contact_link "Contact technique", dossier_id: dossier&.id
|
||||
%li.footer-link-aide>= link_to 'Aide', FAQ_URL
|
||||
|
|
|
@ -35,6 +35,18 @@ module TPS
|
|||
|
||||
config.action_view.sanitized_allowed_tags = ActionView::Base.sanitized_allowed_tags + ['u']
|
||||
|
||||
# Some mobile browsers have a behaviour where, although they will delete the session
|
||||
# cookie when the browser shutdowns, they will still serve a cached version
|
||||
# of the page on relaunch.
|
||||
# The CSRF token in the HTML is then mismatched with the CSRF token in the session cookie
|
||||
# (because the session cookie has been cleared). This causes form submissions to fail with
|
||||
# a "ActionController::InvalidAuthenticityToken" exception.
|
||||
# To prevent this, tell browsers to never cache the HTML of a page.
|
||||
# (This doesn’t affect assets files, which are still sent with the proper cache headers).
|
||||
#
|
||||
# See https://github.com/rails/rails/issues/21948
|
||||
config.action_dispatch.default_headers['Cache-Control'] = 'no-store, no-cache'
|
||||
|
||||
config.to_prepare do
|
||||
# Make main application helpers available in administrate
|
||||
Administrate::ApplicationController.helper(TPS::Application.helpers)
|
||||
|
|
Loading…
Reference in a new issue