Closed justqyx closed 10 years ago
Left a comment on the commit that introduced this asking for clarification. I'd like a little more background about this, and you'll want to remove the commented-out line if we're going to merge this.
I'm not sure why the cookie is changing.
It's an or condition so I'm not sure why removing the swf check would cause this to fail. Are you sure you're sending your csrf token with the ajax request? Also, Chrome will not send the Adobe Flash user agent, just the browser agent so your change will break chrome.
Closing due to lack of feedback.
when the browser download the swf from our server
this code will be executed, and then the cookie will be changed. So if the browser senf an ajax request, it will be fail with the error
Can't verify CSRF token authenticity
. And I have to sign in again!So i think maybe it should only be