From 9e60f9f0936117e6343dfd746d67bbef6500c80d Mon Sep 17 00:00:00 2001
From: Victor van Poppelen <vvanpo@gmail.com>
Date: Thu, 16 Mar 2017 16:47:18 -0700
Subject: [PATCH] JSON API parsing error on CSRF exception: single quotes in
 ['BAD CSRF'] is invalid JSON:
 https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869

---
 app/assets/javascripts/discourse/lib/ajax.js.es6 | 2 +-
 app/controllers/application_controller.rb        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/discourse/lib/ajax.js.es6 b/app/assets/javascripts/discourse/lib/ajax.js.es6
index 612d1614994..98e65ed9c08 100644
--- a/app/assets/javascripts/discourse/lib/ajax.js.es6
+++ b/app/assets/javascripts/discourse/lib/ajax.js.es6
@@ -69,7 +69,7 @@ export function ajax() {
     args.error = (xhr, textStatus, errorThrown) => {
       // note: for bad CSRF we don't loop an extra request right away.
       //  this allows us to eliminate the possibility of having a loop.
-      if (xhr.status === 403 && xhr.responseText === "['BAD CSRF']") {
+      if (xhr.status === 403 && xhr.responseText === "[\"BAD CSRF\"]") {
         Discourse.Session.current().set('csrfToken', null);
       }
 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0eae8c24ba8..112727bf28d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -29,7 +29,7 @@ class ApplicationController < ActionController::Base
     unless is_api? || is_user_api?
       super
       clear_current_user
-      render text: "['BAD CSRF']", status: 403
+      render text: "[\"BAD CSRF\"]", status: 403
     end
   end