Merge branch '254826-fix-csrf-failure-when-updating-theme' into 'master'

Fix CSRF exception when updating theme See merge request gitlab-org/gitlab!43073

Merge branch '254826-fix-csrf-failure-when-updating-theme' into 'master'
Fix CSRF exception when updating theme See merge request gitlab-org/gitlab!43073
b27f1d9a · Mike Greiling · 70a2fd8b · 5ee62580 · b27f1d9a · b27f1d9a
Commit b27f1d9a authored Sep 23, 2020 by Mike Greiling
Show whitespace changes
Inline Side-by-side

Showing with 12 additions and 3 deletions

app/assets/javascripts/profile/profile.js app/assets/javascripts/profile/profile.js +8 -3

spec/support/capybara.rb spec/support/capybara.rb +4 -0

No files found.
--- a/app/assets/javascripts/profile/profile.js
+++ b/app/assets/javascripts/profile/profile.js
 import $ from 'jquery';
 import axios from '~/lib/utils/axios_utils';
+import { Rails } from '~/lib/utils/rails_ujs';
 import { deprecatedCreateFlash as flash } from '../flash';
 import { parseBoolean } from '~/lib/utils/common_utils';
 import TimezoneDropdown, {
@@ -48,9 +49,13 @@ export default class Profile {
  }

  submitForm() {
-    return $(this)
-      .parents('form')
-      .submit();
+    const $form = $(this).parents('form');
+
+    if ($form.data('remote')) {
+      Rails.fire($form[0], 'submit');
+    } else {
+      $form.submit();
+    }
  }

  onSubmitForm(e) {

--- a/spec/support/capybara.rb
+++ b/spec/support/capybara.rb
@@ -123,6 +123,10 @@ RSpec.configure do |config|
      port: session.server.port,
      protocol: 'http')

+    # CSRF protection is disabled by default. We only enable this for JS specs because some forms
+    # require Javascript to set the CSRF token.
+    allow_any_instance_of(ActionController::Base).to receive(:protect_against_forgery?).and_return(true)
+
    # reset window size between tests
    unless session.current_window.size == CAPYBARA_WINDOW_SIZE
      begin