Bug#569811: marked as done (rails: xhr requests return error 500 (patch provided))

Tue, 25 May 2010 12:06:30 -0700 

Your message dated Tue, 25 May 2010 21:04:04 +0200
with message-id <[email protected]>
and subject line Fixed in 2.3.5-1
has caused the Debian Bug report #569811,
regarding rails: xhr requests return error 500 (patch provided)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
569811: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569811
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: rails
Version: 2.2.3-2
Severity: normal

In package redmine, xhr requests always return error 500.
It does not happen with the provided (very simple) patch,
which i took from rails 2.3.5.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rails depends on:
ii  libbuilder-ruby              2.1.2-1     Ruby library to facilitate program
ii  liberb-ruby                  4.2         transitional dummy package
ii  libjs-prototype              1.6.1-1     JavaScript Framework for dynamic w
ii  libredcloth-ruby1.8          4.2.2-1     Textile module for Ruby 1.8
ii  libruby [liberb-ruby]        4.2         Libraries necessary to run Ruby 1.
ii  libruby1.8-extras            0.5         a bundle of additional libraries f
ii  libsqlite3-ruby              1.2.4-2     SQLite3 interface for Ruby
ii  libxml-simple-ruby           1.0.12-1    Simple Ruby API for reading and wr
ii  rake                         0.8.7-1     a ruby build program
ii  rdoc                         4.2         Generate documentation from ruby s
ii  ruby                         4.2         An interpreter of object-oriented 
ii  ruby1.8                      1.8.7.249-1 Interpreter of object-oriented scr

Versions of packages rails recommends:
ii  irb                           4.2        Interactive Ruby (irb)
ii  libmocha-ruby                 0.9.8-1    Mocking and stubbing library for R

Versions of packages rails suggests:
pn  libapache2-mod-ruby | libapac <none>     (no description available)
ii  libfcgi-ruby1.8 [libfcgi-ruby 0.8.8-1    FastCGI library for Ruby

-- no debconf information

diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb
index 3e0e94a..1dc6ad6 100644
--- a/actionpack/lib/action_controller/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/request_forgery_protection.rb
@@ -94,6 +94,7 @@ module ActionController #:nodoc:
       def verified_request?
         !protect_against_forgery?     ||
           request.method == :get      ||
+          request.xhr?                ||
           !verifiable_request_format? ||
           form_authenticity_token == params[request_forgery_protection_token]
       end

--- End Message ---
--- Begin Message --- 
Version: 2.3.5-1

Closing as this bug is fixed in 2.3.5-1

Laurent Bigonville

--- End Message ---

Reply via email to