Remove CSRF protection for now, until I fix it

This commit is contained in:
fr33domlover 2016-02-17 11:49:41 +00:00
parent 8e3675865d
commit 7ede602d1d
2 changed files with 24 additions and 24 deletions

View file

@ -81,7 +81,7 @@ instance Yesod App where
-- b) Validates that incoming write requests include that token in either a header or POST parameter. -- b) Validates that incoming write requests include that token in either a header or POST parameter.
-- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package. -- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
yesodMiddleware = yesodMiddleware =
defaultCsrfMiddleware . -- defaultCsrfMiddleware .
-- sslOnlyMiddleware 120 . -- sslOnlyMiddleware 120 .
defaultYesodMiddleware defaultYesodMiddleware

View file

@ -12,29 +12,29 @@ $newline never
^{pageHead pc} ^{pageHead pc}
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js"> $# <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js"> $# <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
$#
<script> $# <script>
/* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */ $# /* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
/* AJAX requests should add that token to a header to be validated by the server. */ $# /* AJAX requests should add that token to a header to be validated by the server. */
/* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */ $# /* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}"; $# var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
$#
var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}"; $# var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
var csrfToken = Cookies.get(csrfCookieName); $# var csrfToken = Cookies.get(csrfCookieName);
$#
$#
if (csrfToken) { $# if (csrfToken) {
\ $.ajaxPrefilter(function( options, originalOptions, jqXHR ) { $# \ $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
\ if (!options.crossDomain) { $# \ if (!options.crossDomain) {
\ jqXHR.setRequestHeader(csrfHeaderName, csrfToken); $# \ jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
\ } $# \ }
\ }); $# \ });
} $# }
$#
<script> $# <script>
document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js'); $# document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
<body> <body>
<div class="container"> <div class="container">
<header> <header>