discourse/app/views/layouts/application.html.erb
Sam 42494b5bb1 we can't trust CSRF for anon the way it is designed.
The page they have loaded may be cached we need a different way of delivering the CSRF potentially
2013-05-03 16:43:11 +10:00

77 lines
2.5 KiB
Text

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title><%= content_for?(:title) ? yield(:title) + ' - ' + SiteSetting.title : SiteSetting.title %></title>
<meta content="width=device-width, initial-scale=1.0" name="viewport">
<meta content="" name="description">
<meta content="" name="author">
<%= canonical_link_tag %>
<link rel="icon" type="image/png" href=<%=SiteSetting.favicon_url%>>
<%= javascript_include_tag "preload_store" %>
<%= render :partial => "common/special_font_face" %>
<%= render :partial => "common/discourse_stylesheet" %>
<%= discourse_csrf_tags %>
<%= yield :head %>
</head>
<body>
<!--[if IE 9]><script type="text/javascript">ie = "new";</script><![endif]-->
<%=SiteCustomization.custom_header(session[:preview_style])%>
<section id='main'>
<noscript data-path="<%= request.env['PATH_INFO'] %>">
<header class="d-header">
<div class="container">
<div class="contents">
<div class="row">
<div class="title span13">
<a href="/"><img src="<%=SiteSetting.logo_url%>" alt="<%=SiteSetting.title%>" id="site-logo"></a>
</div>
</div>
</div>
</div>
</header>
<div id="main-outlet" class="container">
<!-- preload-content: -->
<%= yield %>
<!-- :preload-content -->
</div>
</noscript>
</section>
<% unless current_user %>
<form id='hidden-login-form' method="post" action="<%=login_path%>" style="display: none;">
<input name="username" type="text" id="signin_username">
<input name="password" type="password" id="signin_password">
<input name="redirect" type="hidden">
<input name="authenticity_token" type="hidden" />
<input type="submit" id="signin-button" value="Log In">
</form>
<% end %>
<%- if @preloaded.present? %>
<script>
<%- @preloaded.each do |key, json| %>
PreloadStore.store("<%= key %>",<%= raw json %>);
<% end %>
</script>
<%- end %>
<%= yield :data %>
<footer id='bottom'></footer>
<%= render :partial => "common/discourse_javascript" %>
<%= render :partial => "common/persona_javascript" if !current_user && SiteSetting.enable_persona_logins %>
<%= render_google_analytics_code %>
<!-- Discourse Version: <%= Discourse::VERSION::STRING %> -->
<!-- Git Version: <%= Discourse.git_version %> -->
</body>
</html>