From daddbf2555f48047ae600e5db454d02b287e2c64 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 14 Mar 2013 04:30:13 -0400
Subject: [PATCH] Better handling of session errors in ajax requests - do page reload on 403 Forbidden response (#1488960)

---
 program/js/app.js |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/program/js/app.js b/program/js/app.js
index 9f76757..637d6f5 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -6249,6 +6249,14 @@
     if (location_url && this.env.action != 'compose')  // don't redirect on compose screen, contents might get lost (#1488926)
       this.redirect(location_url);
 
+    // 403 Forbidden response (CSRF prevention) - reload the page.
+    // In case there's a new valid session it will be used, otherwise
+    // login form will be presented (#1488960).
+    if (request.status == 403) {
+      (this.is_framed() ? parent : window).location.reload();
+      return;
+    }
+
     // re-send keep-alive requests after 30 seconds
     if (action == 'keep-alive')
       setTimeout(function(){ ref.keep_alive(); ref.start_keepalive(); }, 30000);

--
Gitblit v1.9.1