mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
be more specific about csrf token and ajax - not whitelisted outside of jquery-rails [ci skip]
This commit is contained in:
parent
9281adc64a
commit
08525e3ef1
1 changed files with 5 additions and 2 deletions
|
@ -12,8 +12,11 @@ module ActionView
|
||||||
# These are used to generate the dynamic forms that implement non-remote links with
|
# These are used to generate the dynamic forms that implement non-remote links with
|
||||||
# <tt>:method</tt>.
|
# <tt>:method</tt>.
|
||||||
#
|
#
|
||||||
# Note that regular forms generate hidden fields, and that Ajax calls are whitelisted,
|
# You don't need to use these tags for regular forms as they generate their own hidden fields.
|
||||||
# so they do not use these tags.
|
#
|
||||||
|
# For AJAX requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
|
||||||
|
# "X-CSRF-Token" HTTP header. If you are using jQuery with jquery-rails this happens automatically.
|
||||||
|
#
|
||||||
def csrf_meta_tags
|
def csrf_meta_tags
|
||||||
if protect_against_forgery?
|
if protect_against_forgery?
|
||||||
[
|
[
|
||||||
|
|
Loading…
Reference in a new issue