Remove CSRF protection for now, until I fix it
parent
8e3675865d
commit
7ede602d1d
2 changed files with 24 additions and 24 deletions
|
@ -81,7 +81,7 @@ instance Yesod App where
|
|||
-- b) Validates that incoming write requests include that token in either a header or POST parameter.
|
||||
-- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
|
||||
yesodMiddleware =
|
||||
defaultCsrfMiddleware .
|
||||
-- defaultCsrfMiddleware .
|
||||
-- sslOnlyMiddleware 120 .
|
||||
defaultYesodMiddleware
|
||||
|
||||
|
|
|
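Review bot: With `defaultCsrfMiddleware .` commented out in `yesodMiddleware`, nothing in this chain checks the CSRF token on write requests any more, and the disabled line carries no marker saying when it comes back. The two comment lines above it still describe the token being validated, so they now document behaviour that does not run. I would put a tracked marker on the line, e.g. `-- FIXME: CSRF check disabled in 7ede602d1d; re-enable defaultCsrfMiddleware before release`. If only some routes fail the check, keeping `defaultCsrfSetCookieMiddleware` and exempting just those routes through the predicate of `csrfCheckMiddleware` would be narrower than dropping the check everywhere. The `instance Yesod App` body starts and ends outside this hunk, so any compensating override is not visible here.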
@ -12,29 +12,29 @@ $newline never
|
|||
|
||||
^{pageHead pc}
|
||||
|
||||
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
|
||||
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
|
||||
|
||||
<script>
|
||||
/* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
|
||||
/* AJAX requests should add that token to a header to be validated by the server. */
|
||||
/* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
|
||||
var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
|
||||
|
||||
var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
|
||||
var csrfToken = Cookies.get(csrfCookieName);
|
||||
|
||||
|
||||
if (csrfToken) {
|
||||
\ $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
|
||||
\ if (!options.crossDomain) {
|
||||
\ jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
|
||||
\ }
|
||||
\ });
|
||||
}
|
||||
|
||||
<script>
|
||||
document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
|
||||
$# <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
|
||||
$# <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
|
||||
$#
|
||||
$# <script>
|
||||
$# /* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
|
||||
$# /* AJAX requests should add that token to a header to be validated by the server. */
|
||||
$# /* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
|
||||
$# var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
|
||||
$#
|
||||
$# var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
|
||||
$# var csrfToken = Cookies.get(csrfCookieName);
|
||||
$#
|
||||
$#
|
||||
$# if (csrfToken) {
|
||||
$# \ $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
|
||||
$# \ if (!options.crossDomain) {
|
||||
$# \ jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
|
||||
$# \ }
|
||||
$# \ });
|
||||
$# }
|
||||
$#
|
||||
$# <script>
|
||||
$# document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
|
||||
<body>
|
||||
<div class="container">
|
||||
<header>
|
||||
|
|
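Review bot: The `$#` comments disable more than the CSRF header code: the jQuery and js-cookie `<script>` tags and the unrelated `no-js` to `js` class swap on the last commented line go with it, so page scripts that use `$` or styles keyed on the `js` class presumably stop working. Only the `$.ajaxPrefilter` block is tied to the token, and sending the header does no harm while the server check is off, so the block could stay as it was; at minimum the class-swap `<script>` should remain live. When the library tags are restored, consider adding `integrity` and `crossorigin` attributes, since both files are loaded from a third-party CDN. The template continues past `<header>` outside the hunk.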