From 5db8031c237918a5339dcf54ee581afec492e6cb Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Fri, 25 Nov 2011 09:41:15 +0000
Subject: [PATCH] Make sure all forms have the correct authenticity token

A cached page may include forms, which will then have the wrong
authenticity token, so after the page has finished loading we fix
up those tokens using the one from the meta tags which will always
be correct as we never cache the layout.
---
 app/views/layouts/site.html.erb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/views/layouts/site.html.erb b/app/views/layouts/site.html.erb
index 44329edb5..6fc7cb869 100644
--- a/app/views/layouts/site.html.erb
+++ b/app/views/layouts/site.html.erb
@@ -63,7 +63,6 @@
     </script>
 
     <div id="left">
-
       <div id="logo">
         <center>
           <h1><%= t 'layouts.project_name.h1' %></h1>
@@ -125,6 +124,17 @@
         </div>
       </center>
     </div>
+
+    <script type="text/javascript">
+    document.observe("dom:loaded", function () {
+      var auth_token = $$("meta[name=csrf-token]")[0].content;
+
+      $$("form input[name=authenticity_token]").each(function (input) {
+        input.value = auth_token;
+      });
+    }
+    </script>
+
     <% if defined?(PIWIK_LOCATION) and defined?(PIWIK_SITE) -%>
     <%= render :partial => "layouts/piwik" %>
     <% end -%>
-- 
2.43.2