From 35906f26e24467c52b6cf09346abe57444e5963a Mon Sep 17 00:00:00 2001
From: Star Rauchenberger
Date: Sat, 21 Oct 2023 13:07:44 -0400
Subject: Quote submission uses null session for api calls
---
 app/controllers/quotes_controller.rb | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/quotes_controller.rb b/app/controllers/quotes_controller.rb
index f7445da..cad7dfd 100644
--- a/app/controllers/quotes_controller.rb
+++ b/app/controllers/quotes_controller.rb
@@ -1,4 +1,6 @@
 class QuotesController < ApplicationController
+ protect_from_forgery with: :null_session, if: -> { request.format.json? or request.format.xml? }
+
 def index
 @quote = Quote.find(310)
 @qnumber = Quote.published.count
@@ -65,7 +67,13 @@ class QuotesController < ApplicationController
 unless @quote.valid?
 flash.alert = "Error submitting quote."
- render :new
+
+ respond_to do |format|
+ format.html { render :new }
+ format.json { render json: { error: "Error submitting quote." }, status: :bad_request }
+ format.xml { render xml: { error: "Error submitting quote." }, status: :bad_request }
+ end
+
 return
 end
@@ -74,7 +82,11 @@ class QuotesController < ApplicationController
 @quote.save!
 flash[:notice] = "Thank you for submitting your quote!"
- redirect_to @quote
+ respond_to do |format|
+ format.html { redirect_to @quote }
+ format.json { render json: @quote }
+ format.xml { render xml: @quote }
+ end
 else
 @quote.state = :pending
 @quote.save!
@@ -82,7 +94,11 @@ class QuotesController < ApplicationController
 QuoteMailer.with(quote: @quote).pending_quote_email.deliver_later
 flash[:notice] = "Your quote has been submitted and is pending moderation."
- redirect_to new_quote_url
+ respond_to do |format|
+ format.html { redirect_to new_quote_url }
+ format.json { render json: @quote }
+ format.xml { render xml: @quote }
+ end
 end
 end
--
cgit 1.4.1
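Review bot: The `if:` condition on the added `protect_from_forgery` line may leave ordinary HTML form posts in this controller without any CSRF check. `protect_from_forgery` registers `verify_authenticity_token` as a `before_action` with the options it is given, and a callback declared again in a subclass replaces the inherited one. If ApplicationController (not visible here) relies on the framework default, only JSON and XML requests would still be verified. Dropping the condition, `protect_from_forgery with: :null_session`, keeps the check on every format and handles a token-less post with an empty session; a request test posting the HTML form without a token would confirm the behaviour either way. Separately, `||` is preferred over `or` inside the lambda.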
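Review bot: The JSON and XML branches added under `unless @quote.valid?` return only a fixed string, so an API client cannot tell which field was rejected. Validation failures are more conventionally reported as `status: :unprocessable_entity` with the messages included, e.g. `format.json { render json: { error: "Error submitting quote.", details: @quote.errors.full_messages }, status: :unprocessable_entity }`. `flash.alert` is still assigned before the format branch, which has no use for an API caller; moving it into the `format.html` block would keep the two paths separate. The enclosing action starts and ends outside this hunk.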
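Review bot: `render json: @quote` and `render xml: @quote` serialize the whole record, so every column on Quote is returned to the submitter, including any internal or moderation fields the model may have (its schema is not visible here). An explicit allowlist is safer, e.g. `format.json { render json: @quote.as_json(only: PUBLIC_FIELDS), status: :created }`, where `PUBLIC_FIELDS` is a placeholder for the attributes meant to be public. The same applies to the pending-moderation branch in the hunk at `-82,7`. It is also worth confirming that the model responds to `to_xml` in this Rails version, since the XML branch depends on it.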