
This queue is for tickets about the Mojolicious-Plugin-CSRFProtect CPAN distribution.

Report information
The Basics
Id: 79839
Status: resolved
Priority: 0/
Queue: Mojolicious-Plugin-CSRFProtect

People
Owner: Nobody in particular
Requestors: martin_gillen [...] mitel.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: The plugin assumes that $ is aliased to jquery. That is not always the case.
Date: Tue, 25 Sep 2012 00:40:28 -0400
To: bug-Mojolicious-Plugin-CSRFProtect [...] rt.cpan.org
From: "Gillen, Martin" <martin_gillen [...] mitel.com>
The user may have used the jQuery.noConflict()<http://api.jquery.com/jQuery.noConflict/>method to alias a different variable to jQuery like: <script type="text/javascript"> var j = jQuery.noConflict() </script> In this case, the plugin will not work. I have written a small patch (also attached) which fixes this issue (based on version 0.10): --------------------------------------------------------------------------------------------------------------------------- --- CSRFProtect.pm 2012-09-25 00:23:54.930207000 -0400 +++ CSRFProtect.pm.updated 2012-09-25 00:24:13.041003000 -0400 @@ -46,10 +46,11 @@ # Add "jquery_ajax_csrf_protection" helper $app->helper( jquery_ajax_csrf_protection => sub { + my $jq = $_[1] | '$'; my $js = '<meta name="csrftoken" content="' . $self->_csrftoken( $_[0] ) . '"/>'; $js .= q!<script type="text/javascript">!; - $js .= q! $(document).ajaxSend(function(e, xhr, options) { !; - $js .= q! var token = $("meta[name='csrftoken']").attr("content");!; + $js .= q! !.$jq.q!(document).ajaxSend(function(e, xhr, options) { !; + $js .= q! var token = !.$jq.q!("meta[name='csrftoken']").attr("content");!; $js .= q! xhr.setRequestHeader("X-CSRF-Token", token);!; $js .= q! });</script>!; 
@@ -180,6 +181,14 @@ You should add <%= jquery_ajax_csrf_protection %> in head of your HTML page. + If you have created an alternative alias for jQuery using jQuery.noConflict, you can pass it as an argument: + + <script type="text/javascript"> + var j = jQuery.noConflict() + </script> + + <%= jquery_ajax_csrf_protection('j') %> + =head2 C<csrftoken> returns CSRF Protection token. --------------------------------------------------------------------------------------------------------------------------- Thanks, *Martin A. Gillen* *________________________ Desktop Extension 72331 Phase 4 Floor 4 Pillar J6* -- This e-mail (including any attachments) is for the sole use of the intended recipient(s) and may contain information that is confidential and/or protected by legal privilege. Any unauthorized review, use, copy, disclosure or distribution of this e-mail is strictly prohibited. If you are not the intended recipient, please notify Mitel immediately and destroy all copies of this e-mail. Mitel does not accept any liability for breach of security, error or virus that may result from the transmission of this message.
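Review bot: In the first hunk (@@ -46,10 +46,11 @@), the added line `my $jq = $_[1] | '$';` uses the bitwise string operator `|` where a logical default (`||` or `//`) is meant. With the argument 'j', Perl ORs the bytes of 'j' and '$' and produces 'n', so the documented call jquery_ajax_csrf_protection('j') would emit n(document).ajaxSend(...) and the handler that sets X-CSRF-Token would not be registered under the alias the caller asked for. Suggest `my $jq = $_[1] || '$';`. Separately, $jq is concatenated unescaped into the <script> block, so it should be checked against a JavaScript identifier pattern (for example /^[A-Za-z_\$][\w\$]*$/) before use, so that a value that ever originates from request data cannot inject script into the page.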
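Review bot: The POD added in the second hunk (@@ -180,6 +181,14 @@) does not say that the argument is written verbatim into the generated script, nor that the noConflict assignment has to run before the helper's output. Suggest adding a sentence stating that the argument must be a literal JavaScript identifier chosen by the template author, never a value taken from the request, and that the <script> defining the alias must appear above <%= jquery_ajax_csrf_protection('j') %> in the page head.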


Download CSRFProtect.pm.updated
application/octet-stream 6.6k


Fixed.
Just replaced "$" with "jQuery" - https://github.com/koorchik/Mojolicious-Plugin-CSRFProtect/commit/eba458249e011f2e023ce4a675716226d74db4e8

I think this will solve the problem.

Subject: Re: [rt.cpan.org #79839] The plugin assumes that $ is aliased to jquery. That is not always the case.
Date: Wed, 26 Sep 2012 17:46:40 -0400
To: bug-Mojolicious-Plugin-CSRFProtect [...] rt.cpan.org
From: "Gillen, Martin" <martin_gillen [...] mitel.com>
Thanks very much. Great job on the plugin!

Thanks,
*Martin A. Gillen*
Desktop Extension 72331 Phase 4 Floor 4 Pillar J6

On Tue, Sep 25, 2012 at 3:23 AM, Viktor Tuskyi via RT <bug-Mojolicious-Plugin-CSRFProtect@rt.cpan.org> wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=79839 >
>
> Fixed.
> Just replaced "$" with "jQuery" -
> https://github.com/koorchik/Mojolicious-Plugin-CSRFProtect/commit/eba458249e011f2e023ce4a675716226d74db4e8
>
> I think this will solve the problem.