No CSRF token sent in header
Closed this issue · 1 comments
#340 enabled including Rails CSRF token automatically in the header. My problem is that the code gets executed as the JS is loaded, and Rails by default puts the CSRF meta tag after application JS. The jquery executes to undefined (as the CSRF tag isn't there yet) / the header field gets dropped. I can move the csrf meta tag helper before the application JS but ...
Anything I could be doing wrong here? FWIW it looks like this was just pulled recently, quite a while after the initial PR has created.
You are right!
The default behavior Rails & ember-rails couldn't touch meta tag that includes CSRF token.
Probably we could use jquery-ujs instead of current way.
It allows us to independent from helper method order because It uses CSRF token in dynamically: https://github.com/rails/jquery-ujs/blob/v1.0.3/src/rails.js#L58-L61
WDYT @mrinterweb ?