Remove CSRF protection for now, until I fix it
parent
8e3675865d
commit
7ede602d1d
2 changed files with 24 additions and 24 deletions
|
@ -81,7 +81,7 @@ instance Yesod App where
|
||||||
-- b) Validates that incoming write requests include that token in either a header or POST parameter.
|
-- b) Validates that incoming write requests include that token in either a header or POST parameter.
|
||||||
-- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
|
-- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
|
||||||
yesodMiddleware =
|
yesodMiddleware =
|
||||||
defaultCsrfMiddleware .
|
-- defaultCsrfMiddleware .
|
||||||
-- sslOnlyMiddleware 120 .
|
-- sslOnlyMiddleware 120 .
|
||||||
defaultYesodMiddleware
|
defaultYesodMiddleware
|
||||||
|
|
||||||
|
|
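Review bot: Commenting out `defaultCsrfMiddleware .` in `yesodMiddleware` turns off CSRF token validation for every write request in the app, and nothing in the new code records that this is meant to be temporary. The comment kept directly above ("b) Validates that incoming write requests include that token ...") now describes behaviour that no longer happens; I would put a marker on the disabled line, e.g. `-- FIXME: CSRF check disabled; write requests are NOT validated until defaultCsrfMiddleware is restored`. If only some routes were failing the check, yesod-core's `csrfCheckMiddleware` takes a predicate deciding which requests are checked, which would presumably allow a narrower exemption than removing the middleware globally. The `instance Yesod App` body starts and ends outside this hunk.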
|
@ -12,29 +12,29 @@ $newline never
|
||||||
|
|
||||||
^{pageHead pc}
|
^{pageHead pc}
|
||||||
|
|
||||||
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
|
$# <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
|
||||||
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
|
$# <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
|
||||||
|
$#
|
||||||
<script>
|
$# <script>
|
||||||
/* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
|
$# /* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
|
||||||
/* AJAX requests should add that token to a header to be validated by the server. */
|
$# /* AJAX requests should add that token to a header to be validated by the server. */
|
||||||
/* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
|
$# /* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
|
||||||
var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
|
$# var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
|
||||||
|
$#
|
||||||
var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
|
$# var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
|
||||||
var csrfToken = Cookies.get(csrfCookieName);
|
$# var csrfToken = Cookies.get(csrfCookieName);
|
||||||
|
$#
|
||||||
|
$#
|
||||||
if (csrfToken) {
|
$# if (csrfToken) {
|
||||||
\ $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
|
$# \ $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
|
||||||
\ if (!options.crossDomain) {
|
$# \ if (!options.crossDomain) {
|
||||||
\ jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
|
$# \ jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
|
||||||
\ }
|
$# \ }
|
||||||
\ });
|
$# \ });
|
||||||
}
|
$# }
|
||||||
|
$#
|
||||||
<script>
|
$# <script>
|
||||||
document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
|
$# document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
|
||||||
<body>
|
<body>
|
||||||
<div class="container">
|
<div class="container">
|
||||||
<header>
|
<header>
|
||||||
|
|
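Review bot: The last two `$#` lines also disable the `<script>` that swaps the `no-js` class for `js` on `document.documentElement`, which is unrelated to CSRF; any styling or script keyed on the `js` class would stop applying, so that block should stay live. The jQuery `<script>` tag is commented out as well, so any other page script that relies on `$` (none is visible here) would break. The CSRF prefilter is already guarded by `if (csrfToken)`, so it looks like it could have stayed in place while the server-side check is off. When the cdnjs tags are restored, pin them with Subresource Integrity, e.g. `integrity="sha384-<digest of the pinned file>" crossorigin="anonymous"`, so a modified CDN copy is rejected by the browser. The template continues outside this hunk.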