-
John Edmonds authored
Diaspora added an X-CSRF-Token header to XHR made by fileupload. Since fileupload doesn't think Opera supports XHR, it builds a form and submits that instead. By adding a hidden authenticity_token to the form, Opera can submit the form without logging the user out.
8a44b384