[Bug] forms hidden field CSRF token is not updated when turbolinks is enabled

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug] forms hidden field CSRF token is not updated when turbolinks is enabled

Maurizio De santis
I'm unsure in which project to open a bug, so I want to ask first.


rails 5.1.1, turbolinks 5.0.1, turbolinks-source 5.0.3


Reproduction steps:

Visit a page with a form with authenticity token field inside
Navigate with turbolinks links or click browser Back and Forward buttons
Check the form with authenticity token field value

Expected:

Its value should be the same of head meta name="csrf-token" value

Got:

Its value differs from head meta name="csrf-token" value

Temporary fix:

Load this javascript (coffeescript syntax):

$(document).on 'turbolinks:load', ->
  $('input[name=authenticity_token]').val Rails.csrfToken()

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Bug] forms hidden field CSRF token is not updated when turbolinks is enabled

Maurizio De santis
The question is: where should I open it as a bug?

Il giorno martedì 20 giugno 2017 17:29:40 UTC+2, Maurizio De Santis ha scritto:
I'm unsure in which project to open a bug, so I want to ask first.


rails 5.1.1, turbolinks 5.0.1, turbolinks-source 5.0.3


Reproduction steps:

Visit a page with a form with authenticity token field inside
Navigate with turbolinks links or click browser Back and Forward buttons
Check the form with authenticity token field value

Expected:

Its value should be the same of head meta name="csrf-token" value

Got:

Its value differs from head meta name="csrf-token" value

Temporary fix:

Load this javascript (coffeescript syntax):

$(document).on 'turbolinks:load', ->
  $('input[name=authenticity_token]').val Rails.csrfToken()

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/d/optout.
Loading...