From ee5c1d631ad38e5dc851816857bdebf911a1bea2 Mon Sep 17 00:00:00 2001
From: Daniel Parnell <me@danielparnell.com>
Date: Sat, 5 Jul 2014 16:02:53 +1000
Subject: [PATCH] Force the content type to text/javascript for JSONP requests

---
 app/controllers/scripts_controller.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/controllers/scripts_controller.rb b/app/controllers/scripts_controller.rb
index 938ed4d..d2de4b6 100644
--- a/app/controllers/scripts_controller.rb
+++ b/app/controllers/scripts_controller.rb
@@ -1,6 +1,7 @@
 class ScriptsController < ApplicationController
   respond_to :html, :json, :xml
   before_filter :load_script, only: [:view, :destroy]
+  skip_before_action :verify_authenticity_token, if: :json_request?
 
   def create
 
@@ -40,7 +41,13 @@ def view
     response.headers.except! 'X-Frame-Options'
 
     respond_with @script do |format|
-      format.json { render :json => @script.to_json, :callback => params[:callback] }
+      format.json {
+        if params[:callback]
+          render :json => @script.to_json, :callback => params[:callback], :content_type => 'text/javascript'
+        else
+          render :json => @script.to_json
+        end
+      }
     end
   end
 
@@ -74,6 +81,10 @@ def destroy
 
   private
 
+  def json_request?
+    request.format.json?
+  end
+
   def load_script
     @script = Script.find_by_slug(params[:slug])
   end