@@ -5,6 +5,7 | |||
|
5 | 5 | <title><%=h html_title %></title> |
|
6 | 6 | <meta name="description" content="<%= Redmine::Info.app_name %>" /> |
|
7 | 7 | <meta name="keywords" content="issue,bug,tracker" /> |
|
8 | <%= csrf_meta_tag %> | |
|
8 | 9 | <%= favicon %> |
|
9 | 10 | <%= stylesheet_link_tag 'application', :media => 'all' %> |
|
10 | 11 | <%= stylesheet_link_tag 'rtl', :media => 'all' if l(:direction) == 'rtl' %> |
@@ -299,9 +299,27 var WarnLeavingUnsaved = Class.create({ | |||
|
299 | 299 | } |
|
300 | 300 | }); |
|
301 | 301 | |
|
302 | /* shows and hides ajax indicator */ | |
|
302 | /* | |
|
303 | * 1 - registers a callback which copies the csrf token into the | |
|
304 | * X-CSRF-Token header with each ajax request. Necessary to | |
|
305 | * work with rails applications which have fixed | |
|
306 | * CVE-2011-0447 | |
|
307 | * 2 - shows and hides ajax indicator | |
|
308 | */ | |
|
303 | 309 | Ajax.Responders.register({ |
|
304 | onCreate: function(){ | |
|
310 | onCreate: function(request){ | |
|
311 | var csrf_meta_tag = $$('meta[name=csrf-token]')[0]; | |
|
312 | ||
|
313 | if (csrf_meta_tag) { | |
|
314 | var header = 'X-CSRF-Token', | |
|
315 | token = csrf_meta_tag.readAttribute('content'); | |
|
316 | ||
|
317 | if (!request.options.requestHeaders) { | |
|
318 | request.options.requestHeaders = {}; | |
|
319 | } | |
|
320 | request.options.requestHeaders[header] = token; | |
|
321 | } | |
|
322 | ||
|
305 | 323 | if ($('ajax-indicator') && Ajax.activeRequestCount > 0) { |
|
306 | 324 | Element.show('ajax-indicator'); |
|
307 | 325 | } |
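Review bot: The token is written with `request.options.requestHeaders[header] = token;`, which only works when the caller's `requestHeaders` option is an object; Prototype also accepts that option as a flat array of name/value pairs, and a property set on such an array is never sent, so those requests would go out without X-CSRF-Token and fail verification. Handling both forms keeps the behaviour consistent: `if (typeof request.options.requestHeaders.push == 'function') request.options.requestHeaders.push(header, token); else request.options.requestHeaders[header] = token;`. Separately, the responder adds the header to every Ajax request without looking at `request.url`; if any caller can target another origin, the token would be disclosed to it, so a same-origin check before setting the header is worth adding. The `Ajax.Responders.register` call continues past the end of this hunk.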