From 35906f26e24467c52b6cf09346abe57444e5963a Mon Sep 17 00:00:00 2001
From: Star Rauchenberger <fefferburbia@gmail.com>
Date: Sat, 21 Oct 2023 13:07:44 -0400
Subject: Quote submission uses null session for api calls
---
app/controllers/quotes_controller.rb | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/app/controllers/quotes_controller.rb b/app/controllers/quotes_controller.rb
index f7445da..cad7dfd 100644
--- a/app/controllers/quotes_controller.rb
+++ b/app/controllers/quotes_controller.rb
@@ -1,4 +1,6 @@
class QuotesController < ApplicationController
+ protect_from_forgery with: :null_session, if: -> { request.format.json? or request.format.xml? }
+
def index
@quote = Quote.find(310)
@qnumber = Quote.published.count
@@ -65,7 +67,13 @@ class QuotesController < ApplicationController
unless @quote.valid?
flash.alert = "Error submitting quote."
- render :new
+
+ respond_to do |format|
+ format.html { render :new }
+ format.json { render json: { error: "Error submitting quote." }, status: :bad_request }
+ format.xml { render xml: { error: "Error submitting quote." }, status: :bad_request }
+ end
+
return
end
@@ -74,7 +82,11 @@ class QuotesController < ApplicationController
@quote.save!
flash[:notice] = "Thank you for submitting your quote!"
- redirect_to @quote
+ respond_to do |format|
+ format.html { redirect_to @quote }
+ format.json { render json: @quote }
+ format.xml { render xml: @quote }
+ end
else
@quote.state = :pending
@quote.save!
@@ -82,7 +94,11 @@ class QuotesController < ApplicationController
QuoteMailer.with(quote: @quote).pending_quote_email.deliver_later
flash[:notice] = "Your quote has been submitted and is pending moderation."
- redirect_to new_quote_url
+ respond_to do |format|
+ format.html { redirect_to new_quote_url }
+ format.json { render json: @quote }
+ format.xml { render xml: @quote }
+ end
end
end
--
cgit 1.4.1