1
0
Fork 0
mirror of https://code.sup39.dev/repos/Wqawg synced 2024-12-27 17:44:52 +09:00

Remove CSRF protection for now, until I fix it

This commit is contained in:
fr33domlover 2016-02-17 11:49:41 +00:00
parent 8e3675865d
commit 7ede602d1d
2 changed files with 24 additions and 24 deletions

View file

@ -81,7 +81,7 @@ instance Yesod App where
-- b) Validates that incoming write requests include that token in either a header or POST parameter.
-- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
yesodMiddleware =
defaultCsrfMiddleware .
-- defaultCsrfMiddleware .
-- sslOnlyMiddleware 120 .
defaultYesodMiddleware

View file

@ -12,29 +12,29 @@ $newline never
^{pageHead pc}
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
<script>
/* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
/* AJAX requests should add that token to a header to be validated by the server. */
/* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
var csrfToken = Cookies.get(csrfCookieName);
if (csrfToken) {
\ $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
\ if (!options.crossDomain) {
\ jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
\ }
\ });
}
<script>
document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
$# <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
$# <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
$#
$# <script>
$# /* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
$# /* AJAX requests should add that token to a header to be validated by the server. */
$# /* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
$# var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
$#
$# var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
$# var csrfToken = Cookies.get(csrfCookieName);
$#
$#
$# if (csrfToken) {
$# \ $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
$# \ if (!options.crossDomain) {
$# \ jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
$# \ }
$# \ });
$# }
$#
$# <script>
$# document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
<body>
<div class="container">
<header>