zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-04-25 01:32:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

Update csrf_safe? to check the headers. Add some JS code to insert the CSRF token into the XHR request headers.

Browse source
This commit is contained in:
mikeycgto 2013-06-22 16:53:39 -04:00
parent bdfaf0022a
commit bcf9b63fa4
2 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app.rb
View file

@ -252,7 +252,7 @@ def require_login_ajax
end end
def csrf_safe? def csrf_safe?
csrf_token == params[:csrf_token] csrf_token == params[:csrf_token] || csrf_token == request.env['HTTP_X_CSRF_TOKEN']
end end
def csrf_token def csrf_token

11
views/layout.slim
View file

@ -9,6 +9,7 @@ html
link href="/css/styles.css" rel="stylesheet" link href="/css/styles.css" rel="stylesheet"
meta property="og:title" content="NeoCities" meta property="og:title" content="NeoCities"
meta property="og:description" content="NeoCities is the new Geocities. Create your own free home page, and do whatever you want with it." meta property="og:description" content="NeoCities is the new Geocities. Create your own free home page, and do whatever you want with it."
meta name="csrf-token" content="#{csrf_token}"
script src="/js/jquery.min.js" script src="/js/jquery.min.js"
body body
@ -40,6 +41,16 @@ html
script src="/js/bootstrap.min.js" script src="/js/bootstrap.min.js"
javascript:
!function(){
var csrf_token = $('meta[name="csrf-token"]').attr('content');
$(document).ajaxSend(function(ev, jqxhr){
jqxhr.setRequestHeader('X-CSRF-Token', csrf_token);
});
}();
javascript: javascript:
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),