site profile: no csrf/flash unless signed in

2025-04-28 19:22:32 +02:00 · 2025-04-26 17:34:34 -05:00 · 2025-04-26 17:34:34 -05:00 · 369f1655a9
commit 369f1655a9
parent 380bd5f484
2 changed files with 69 additions and 65 deletions
--- a/views/_tags.erb
+++ b/views/_tags.erb
@ -19,6 +19,7 @@
  <% end %>
 <% end %>
 <% if current_site && current_site == site %>
  <div class="modal hide" id="addTag" tabindex="-1" role="dialog" aria-labelledby="addTagLabel" aria-hidden="true">
    <form method="POST" action="/tags/add">
      <input type="hidden" value="<%= csrf_token %>" name="csrf_token">
@ -61,3 +62,4 @@
      </div>
    </form>
  </div>
 <% end %>
--- a/views/site.erb
+++ b/views/site.erb
@ -1,5 +1,5 @@
 <div class="header-Outro with-site-image">
-  <% if flash.keys.length > 0 %>
+  <% if current_site && flash.keys.length > 0 %>
    <div class="row content">
      <div class="alert txt-Center">
          <% flash.keys.each do |key| %>
@ -90,6 +90,7 @@
 </div></div>
 </div>
 <% if current_site %>
  <div class="modal hide" id="block" tabindex="-1" role="dialog" aria-labelledby="blockLabel" aria-hidden="true">
    <form method="POST" action="/site/<%= site.username %>/block">
      <input type="hidden" value="<%= csrf_token %>" name="csrf_token">
@ -115,3 +116,4 @@
      </div>
    </form>
  </div>
 <% end %>