Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 13 | ||||
-rw-r--r-- | app/views/general/_frontpage_search_box.html.erb | 2 | ||||
-rw-r--r-- | app/views/general/_header.html.erb | 2 | ||||
-rw-r--r-- | app/views/general/_responsive_topnav.html.erb | 2 |
4 files changed, 15 insertions, 4 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index dbd879a1c..044f8e10f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,7 +14,8 @@ class ApplicationController < ActionController::Base
end
class RouteNotFound < StandardError
end
- protect_from_forgery
+ protect_from_forgery :if => :user?
+ skip_before_filter :verify_authenticity_token, :unless => :user?
# assign our own handler method for non-local exceptions
rescue_from Exception, :with => :render_exception
@@ -247,6 +248,16 @@ class ApplicationController < ActionController::Base
private
+ def user?
+ !session[:user_id].nil?
+ end
+
+ def form_authenticity_token
+ if user?
+ session[:_csrf_token] ||= SecureRandom.base64(32)
+ end
+ end
+
# Check the user is logged in
def authenticated?(reason_params)
unless session[:user_id]
diff --git a/app/views/general/_frontpage_search_box.html.erb b/app/views/general/_frontpage_search_box.html.erb
index f77bd97fc..a58d837f8 100644
--- a/app/views/general/_frontpage_search_box.html.erb
+++ b/app/views/general/_frontpage_search_box.html.erb
@@ -5,7 +5,7 @@
:number_of_requests => number_with_delimiter(InfoRequest.visible.count),
:number_of_authorities => number_with_delimiter(PublicBody.visible.count)) %>
</h2>
-<form id="search_form" method="post" action="<%= search_redirect_path %>">
+<form id="search_form" method="get" action="<%= search_redirect_path %>">
<div>
<input id="query" type="text" size="30" name="query" title="type your search term here" >
<input type="submit" value="<%= _('Search') %>">
diff --git a/app/views/general/_header.html.erb b/app/views/general/_header.html.erb
index 55bf719e2..f465668a5 100644
--- a/app/views/general/_header.html.erb
+++ b/app/views/general/_header.html.erb
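Review bot: Making `protect_from_forgery` conditional on `:user?` leaves every request whose session has no `user_id` unverified, so any state-changing action reachable while logged out loses CSRF protection — the login POST itself is the classic case (login CSRF, where a victim is silently signed into an attacker-controlled account), and any signup or contact forms this app exposes to anonymous visitors would be affected the same way. The view hunks below only needed the search forms to become GET, and that alone removes the token from those pages, so it is not obvious the controller-wide exemption is required. The added `skip_before_filter :verify_authenticity_token, :unless => :user?` is also redundant with the `:if => :user?` option, since `protect_from_forgery` already registers that filter with whatever options it is given. If the aim is to serve token-free pages to anonymous users, prefer keeping `protect_from_forgery` unconditional and exempting only the specific actions that need it, e.g. `skip_before_filter :verify_authenticity_token, :only => [...]`, or at minimum record the accepted risk: `# NOTE: anonymous sessions get no CSRF check, so login/signup POSTs are unprotected`. The class body continues outside this hunk.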
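Review bot: The `form_authenticity_token` override re-implements Rails' own token generation against the framework-private session key `_csrf_token` and `SecureRandom.base64(32)`, which can silently drift from the installed Rails version, and it returns `nil` for anonymous sessions, so `form_tag`/`form_for` on those pages emit an `authenticity_token` field with no value. Delegating to the framework keeps the behaviour in one place: `def form_authenticity_token; super if user?; end`. A one-line comment stating why tokens are withheld from logged-out sessions would also help the next maintainer, since the rationale is not visible here, e.g. `# Only logged-in sessions are issued a CSRF token; pairs with protect_from_forgery :if => :user?`. `authenticated?` begins in this hunk and continues past it.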
@@ -22,7 +22,7 @@
<% end %>
<div id="navigation_search">
- <form id="navigation_search_form" method="post" action="<%= search_redirect_path %>">
+ <form id="navigation_search_form" method="get" action="<%= search_redirect_path %>">
<p>
<%= text_field_tag 'query', params[:query], { :size => 40, :id => "navigation_search_query", :title => "type your search term here" } %>
<input id="navigation_search_button" type="submit" value="search">
diff --git a/app/views/general/_responsive_topnav.html.erb b/app/views/general/_responsive_topnav.html.erb
index cb8151467..c99864cab 100644
--- a/app/views/general/_responsive_topnav.html.erb
+++ b/app/views/general/_responsive_topnav.html.erb
@@ -21,7 +21,7 @@
</li>
<li id="navigation_search">
- <form id="navigation_search_form" method="post" action="<%= search_redirect_path %>" role="search">
+ <form id="navigation_search_form" method="get" action="<%= search_redirect_path %>" role="search">
<label class="visually-hidden" for="navigation_search_button">
<%= _("Search") %>
</label>
|