From 7ede602d1d1f41d0f60d60d402e542011cbdbab0 Mon Sep 17 00:00:00 2001
From: fr33domlover <fr33domlover@rel4tion.org>
Date: Wed, 17 Feb 2016 11:49:41 +0000
Subject: [PATCH] Remove CSRF protection for now, until I fix it

---
 src/Foundation.hs                       |  2 +-
 templates/default-layout-wrapper.hamlet | 46 ++++++++++++-------------
 2 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/src/Foundation.hs b/src/Foundation.hs
index b437a4d..fd5a9c5 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -81,7 +81,7 @@ instance Yesod App where
     --   b) Validates that incoming write requests include that token in either a header or POST parameter.
     -- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
     yesodMiddleware =
-        defaultCsrfMiddleware .
+        -- defaultCsrfMiddleware .
         -- sslOnlyMiddleware 120 .
         defaultYesodMiddleware
 
diff --git a/templates/default-layout-wrapper.hamlet b/templates/default-layout-wrapper.hamlet
index 07ec4c9..b2b9d25 100644
--- a/templates/default-layout-wrapper.hamlet
+++ b/templates/default-layout-wrapper.hamlet
@@ -12,29 +12,29 @@ $newline never
 
     ^{pageHead pc}
 
-    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
-    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
-
-    <script>
-      /* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
-      /* AJAX requests should add that token to a header to be validated by the server. */
-      /* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
-      var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
-
-      var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
-      var csrfToken = Cookies.get(csrfCookieName);
-
-
-      if (csrfToken) {
-      \  $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
-      \      if (!options.crossDomain) {
-      \          jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
-      \      }
-      \  });
-      }
-
-    <script>
-      document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
+$#  <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js">
+$#  <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.0.3/js.cookie.min.js">
+$#
+$#  <script>
+$#    /* The `defaultCsrfMiddleware` Middleware added in Foundation.hs adds a CSRF token the request cookies. */
+$#    /* AJAX requests should add that token to a header to be validated by the server. */
+$#    /* See the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package for details. */
+$#    var csrfHeaderName = "#{TE.decodeUtf8 $ CI.foldedCase defaultCsrfHeaderName}";
+$#
+$#    var csrfCookieName = "#{TE.decodeUtf8 defaultCsrfCookieName}";
+$#    var csrfToken = Cookies.get(csrfCookieName);
+$#
+$#
+$#    if (csrfToken) {
+$#    \  $.ajaxPrefilter(function( options, originalOptions, jqXHR ) {
+$#    \      if (!options.crossDomain) {
+$#    \          jqXHR.setRequestHeader(csrfHeaderName, csrfToken);
+$#    \      }
+$#    \  });
+$#    }
+$#
+$#  <script>
+$#    document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/,'js');
   <body>
     <div class="container">
       <header>