Make sure all forms have the correct authenticity token

A cached page may include forms, which will then have the wrong authenticity token, so after the page has finished loading we fix up those tokens using the one from the meta tags which will always be correct as we never cache the layout.
2011-11-25 09:41:15 +00:00 · 2011-11-25 09:41:15 +00:00 · 5db8031c23
commit 5db8031c23
parent 64030a40ac
1 changed files with 11 additions and 1 deletions
--- a/app/views/layouts/site.html.erb
+++ b/app/views/layouts/site.html.erb
@ -63,7 +63,6 @@
    </script>

    <div id="left">
-
      <div id="logo">
        <center>
          <h1><%= t 'layouts.project_name.h1' %></h1>
@ -125,6 +124,17 @@
        </div>
      </center>
    </div>
+
+    <script type="text/javascript">
+    document.observe("dom:loaded", function () {
+      var auth_token = $$("meta[name=csrf-token]")[0].content;
+
+      $$("form input[name=authenticity_token]").each(function (input) {
+        input.value = auth_token;
+      });
+    }
+    </script>
+
    <% if defined?(PIWIK_LOCATION) and defined?(PIWIK_SITE) -%>
    <%= render :partial => "layouts/piwik" %>
    <% end -%>