[Git][noosfero/noosfero][master] 2 commits: Fix HTTP caching and logins with rails 4

Victor Costa gitlab at mg.gitlab.com
Fri Dec 4 17:04:48 BRST 2015 

Victor Costa pushed to branch master at Noosfero / noosfero


Commits:
875d8afc by Antonio Terceiro at 2015-12-03T18:07:17Z
Fix HTTP caching and logins with rails 4

Since all cookies should be dropped for unauthenticated users, you cannot
expect the XSRF cookie to be present to allow users to login!

- - - - -
6d69da64 by Victor Costa at 2015-12-04T19:04:24Z
Merge branch 'fix-http-cache' into 'master'

Fix HTTP caching and logins with rails 4

Since all cookies should be dropped for unauthenticated users, you cannot
expect the XSRF cookie to be present to allow users to login!


See merge request !739
- - - - -


2 changed files:

- app/controllers/public/account_controller.rb
- vendor/plugins/noosfero_caching/init.rb


Changes:

=====================================
app/controllers/public/account_controller.rb
=====================================
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -6,6 +6,8 @@ class AccountController < ApplicationController
   before_filter :redirect_if_logged_in, :only => [:login, :signup]
   before_filter :protect_from_bots, :only => :signup
 
+  protect_from_forgery except: [:login]
+
   helper CustomFieldsHelper
   # say something nice, you goof!  something sweet.
   def index


=====================================
vendor/plugins/noosfero_caching/init.rb
=====================================
--- a/vendor/plugins/noosfero_caching/init.rb
+++ b/vendor/plugins/noosfero_caching/init.rb
@@ -27,7 +27,6 @@ module NoosferoHttpCaching
   end
 
   def noosfero_session_check
-    return unless params[:controller] == 'account'
     headers["X-Noosfero-Auth"] = (session[:user] != nil).to_s
   end
 



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/ce49e588d9f664e896b4596850675a34eeae3457...6d69da649ec8173d3538821b873b3c79ca6e7c8f
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20151204/02927b18/attachment.html>

More information about the Noosfero-dev mailing list