Fixes AJAX requests for jQuery 1.5 because of new CSRF requirements #95

Closed
parndt wants to merge 6 commits into rails:master from parndt:master

Conversation

parndt commented Feb 10, 2011

parndt (Author) commented Feb 10, 2011

I've updated this to fix both jQuery versions. Confirmed in a previously failing application (refinerycms) using jQuery 1.4.3 (required version by this script) and jQuery 1.5.

parndt (Author) commented Feb 10, 2011

Better/passing tests are on their way..

parndt (Author) commented Feb 10, 2011

Ready to roll!

mislav (Member) commented Feb 10, 2011

Sorry to break it to you: we've duplicated efforts. I've already fixed this yesterday but didn't push because of some broken tests in IE.

Your approach is brittle, however: you've extended ajaxSettings with a beforeSend callback. This will work as long as the user doesn't specify a beforeSend callback of their own. As soon as they do, your hook is overridden and has no effect.
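
The override described in the comment above, modeled as an added example that is not part of this thread or of the project's code. It assumes a simplified settings merge (`Object.assign`) standing in for the library's; `makeClient`, `prefilters`, `brittleClient` and `robustClient` are hypothetical names, and the token value is constructed.

```javascript
// Simplified model of a jQuery-style AJAX layer (hypothetical; not jQuery's code).
const CSRF_TOKEN = "constructed-token-123"; // constructed sample value

function makeClient() {
  return {
    ajaxSettings: {}, // global defaults, one slot per option name
    prefilters: [],   // hooks that run for every request (hypothetical registry)
    ajax(options) {
      // Per-request options replace defaults key by key, so a request-level
      // beforeSend replaces the default beforeSend instead of chaining with it.
      const s = Object.assign({}, this.ajaxSettings, options);
      const xhr = {
        headers: {},
        setRequestHeader(name, value) { this.headers[name] = value; },
      };
      this.prefilters.forEach((hook) => hook(s, xhr));
      if (s.beforeSend) s.beforeSend(xhr, s);
      return xhr.headers; // headers that would be sent
    },
  };
}

const addToken = (xhr) => xhr.setRequestHeader("X-CSRF-Token", CSRF_TOKEN);

// Brittle: the token hook occupies the single default beforeSend slot.
function brittleClient() {
  const c = makeClient();
  c.ajaxSettings.beforeSend = addToken;
  return c;
}

// Robust: the token hook is registered outside the per-request options.
function robustClient() {
  const c = makeClient();
  c.prefilters.push((settings, xhr) => addToken(xhr));
  return c;
}

// A caller that supplies its own beforeSend, as application code often does.
const userOptions = {
  url: "/posts",
  type: "POST",
  beforeSend(xhr) { xhr.setRequestHeader("Accept", "application/json"); },
};

console.log(brittleClient().ajax({ url: "/posts" })); // token present
console.log(brittleClient().ajax(userOptions));       // token missing
console.log(robustClient().ajax(userOptions));        // token and Accept
```

In the second call the request goes out without the token header, which is the failure the comment predicts once a caller sets its own `beforeSend`.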

parndt (Author) commented Feb 10, 2011

Our approach came directly from here http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

At any rate, I'm glad it's fixed in core! I've tried out your solution and it has exactly the same result in my 3.0.4 app (i.e. it works!)

Thanks, Mislav. Also, congrats on the new position.

This pull request was closed.