Changesets can be listed by changeset number.
The Git repository is here.
Changeset 352
Support Rails 2.3.11's security patch.
- Comitted by: rool
- Date: Saturday March 19 21:54:37 2011 (over 13 years ago)
Affected files:
rool/rails/instiki/trunk/public/javascripts/application.js:
prev. | current | |
(document.getElementById(id).style.display == 'block') ? document.getElementById(id).style.display='none' : document.getElementById(id).style.display='block'; | ||
} | ||
8 | /* | |
9 | * Registers a callback which copies the csrf token into the | |
10 | * X-CSRF-Token header with each ajax request. Necessary to | |
11 | * work with rails applications which have fixed | |
12 | * CVE-2011-0447 | |
13 | */ | |
14 | ||
15 | Ajax.Responders.register({ | |
16 | onCreate: function(request) { | |
17 | var csrf_meta_tag = $$('meta[name=csrf-token]')[0]; | |
18 | ||
19 | if (csrf_meta_tag) { | |
20 | var header = 'X-CSRF-Token', | |
21 | token = csrf_meta_tag.readAttribute('content'); | |
22 | ||
23 | if (!request.options.requestHeaders) { | |
24 | request.options.requestHeaders = {}; | |
25 | } | |
26 | request.options.requestHeaders[header] = token; | |
27 | } | |
28 | } | |
29 | }); |