Package: rails
Version: 2.2.3-2
Severity: normal

In package redmine, XHR requests always return error 500.
It does not happen with the provided (very simple) patch,
which I took from rails 2.3.5.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rails depends on:
ii  libbuilder-ruby              2.1.2-1     Ruby library to facilitate program
ii  liberb-ruby                  4.2         transitional dummy package
ii  libjs-prototype              1.6.1-1     JavaScript Framework for dynamic w
ii  libredcloth-ruby1.8          4.2.2-1     Textile module for Ruby 1.8
ii  libruby [liberb-ruby]        4.2         Libraries necessary to run Ruby 1.
ii  libruby1.8-extras            0.5         a bundle of additional libraries f
ii  libsqlite3-ruby              1.2.4-2     SQLite3 interface for Ruby
ii  libxml-simple-ruby           1.0.12-1    Simple Ruby API for reading and wr
ii  rake                         0.8.7-1     a ruby build program
ii  rdoc                         4.2         Generate documentation from ruby s
ii  ruby                         4.2         An interpreter of object-oriented 
ii  ruby1.8                      1.8.7.249-1 Interpreter of object-oriented scr

Versions of packages rails recommends:
ii  irb                           4.2        Interactive Ruby (irb)
ii  libmocha-ruby                 0.9.8-1    Mocking and stubbing library for R

Versions of packages rails suggests:
pn  libapache2-mod-ruby | libapac <none>     (no description available)
ii  libfcgi-ruby1.8 [libfcgi-ruby 0.8.8-1    FastCGI library for Ruby

-- no debconf information
diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb
index 3e0e94a..1dc6ad6 100644
--- a/actionpack/lib/action_controller/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/request_forgery_protection.rb
@@ -94,6 +94,7 @@ module ActionController #:nodoc:
       def verified_request?
         !protect_against_forgery?     ||
           request.method == :get      ||
+          request.xhr?                ||
           !verifiable_request_format? ||
           form_authenticity_token == params[request_forgery_protection_token]
       end
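
Review bot: The added `request.xhr? ||` line in verified_request? short-circuits ahead of the `form_authenticity_token == params[request_forgery_protection_token]` comparison, so any non-GET request that reports itself as XHR is accepted without a token check. That makes the error 500 go away by switching forgery protection off for the whole class of XHR requests rather than by getting the token to the server. If the failure is that redmine's XHR calls do not send the authenticity token, I would rather see that fixed on the sending side and this condition left out. If the exemption stays, it needs a comment next to it stating why an XHR request is considered safe to skip verification, and the bug log should record that this change relaxes request forgery protection for state-changing requests.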
