| @@ -5,6 +5,7 | |||||
| 5 | <title><%=h html_title %></title> |
|
5 | <title><%=h html_title %></title> | |
| 6 | <meta name="description" content="<%= Redmine::Info.app_name %>" /> |
|
6 | <meta name="description" content="<%= Redmine::Info.app_name %>" /> | |
| 7 | <meta name="keywords" content="issue,bug,tracker" /> |
|
7 | <meta name="keywords" content="issue,bug,tracker" /> | |
|
|
8 | <%= csrf_meta_tag %> | |||
| 8 | <%= favicon %> |
|
9 | <%= favicon %> | |
| 9 | <%= stylesheet_link_tag 'application', :media => 'all' %> |
|
10 | <%= stylesheet_link_tag 'application', :media => 'all' %> | |
| 10 | <%= stylesheet_link_tag 'rtl', :media => 'all' if l(:direction) == 'rtl' %> |
|
11 | <%= stylesheet_link_tag 'rtl', :media => 'all' if l(:direction) == 'rtl' %> | |
| @@ -299,9 +299,27 var WarnLeavingUnsaved = Class.create({ | |||||
| 299 | } |
|
299 | } | |
| 300 | }); |
|
300 | }); | |
| 301 |
|
301 | |||
| 302 | /* shows and hides ajax indicator */ |
|
302 | /* | |
|
|
303 | * 1 - registers a callback which copies the csrf token into the | |||
|
|
304 | * X-CSRF-Token header with each ajax request. Necessary to | |||
|
|
305 | * work with rails applications which have fixed | |||
|
|
306 | * CVE-2011-0447 | |||
|
|
307 | * 2 - shows and hides ajax indicator | |||
|
|
308 | */ | |||
| 303 | Ajax.Responders.register({ |
|
309 | Ajax.Responders.register({ | |
| 304 | onCreate: function(){ |
|
310 | onCreate: function(request){ | |
|
|
311 | var csrf_meta_tag = $$('meta[name=csrf-token]')[0]; | |||
|
|
312 | ||||
|
|
313 | if (csrf_meta_tag) { | |||
|
|
314 | var header = 'X-CSRF-Token', | |||
|
|
315 | token = csrf_meta_tag.readAttribute('content'); | |||
|
|
316 | ||||
|
|
317 | if (!request.options.requestHeaders) { | |||
|
|
318 | request.options.requestHeaders = {}; | |||
|
|
319 | } | |||
|
|
320 | request.options.requestHeaders[header] = token; | |||
|
|
321 | } | |||
|
|
322 | ||||
| 305 | if ($('ajax-indicator') && Ajax.activeRequestCount > 0) { |
|
323 | if ($('ajax-indicator') && Ajax.activeRequestCount > 0) { | |
| 306 | Element.show('ajax-indicator'); |
|
324 | Element.show('ajax-indicator'); | |
| 307 | } |
|
325 | } | |
General Comments 0
You need to be logged in to leave comments.
Login now