Make sure all forms have the correct authenticity token

[rails.git] / app / views / layouts / site.html.erb

diff --git a/app/views/layouts/site.html.erb b/app/views/layouts/site.html.erb
index 44329edb5c622e72e9516b86b80d35a260fe6aac..6fc7cb869b039da766b2598e7e10f809da066013 100644 (file)
--- a/app/views/layouts/site.html.erb
+++ b/app/views/layouts/site.html.erb
@@ -63,7 +63,6 @@
     </script>
 
     <div id="left">
-
       <div id="logo">
         <center>
           <h1><%= t 'layouts.project_name.h1' %></h1>
@@ -125,6 +124,17 @@
         </div>
       </center>
     </div>
+
+    <script type="text/javascript">
+    document.observe("dom:loaded", function () {
+      var auth_token = $$("meta[name=csrf-token]")[0].content;
+
+      $$("form input[name=authenticity_token]").each(function (input) {
+        input.value = auth_token;
+      });
+    }
+    </script>
+
     <% if defined?(PIWIK_LOCATION) and defined?(PIWIK_SITE) -%>
     <%= render :partial => "layouts/piwik" %>
     <% end -%>