nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add CSRF token to forms generated by fileuploader.

Browse source 
Diaspora added an X-CSRF-Token header to XHR made by fileupload.
Since fileupload doesn't think Opera supports XHR, it builds a form and submits that instead.
By adding a hidden authenticity_token to the form, Opera can submit the form without logging the user out.
This commit is contained in:
John Edmonds 2011-09-18 17:02:20 -04:00
parent 95ad709324
commit 8a44b384c0
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
public/javascripts/fileuploader-custom.js
View file

@ -1017,6 +1017,7 @@ qq.extend(qq.UploadHandlerForm.prototype, {
var iframe = this._createIframe(id);
var form = this._createForm(iframe, params);
form.appendChild(input);
$(form).append($('<input type="hidden" name="authenticity_token" value="'+$("meta[name='csrf-token']").attr("content")+'"/>'));
var self = this;
this._attachLoadEvent(iframe, function(){