mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Expose CSRF param name also
This commit is contained in:
parent
09a88a347d
commit
2191aa47ac
2 changed files with 2 additions and 2 deletions
|
@ -4,7 +4,7 @@ module ActionView
|
||||||
# Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
|
# Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
|
||||||
def csrf_meta_tag
|
def csrf_meta_tag
|
||||||
if protect_against_forgery?
|
if protect_against_forgery?
|
||||||
%(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
|
%(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -218,7 +218,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
|
||||||
|
|
||||||
test 'should emit a csrf-token meta tag' do
|
test 'should emit a csrf-token meta tag' do
|
||||||
get :meta
|
get :meta
|
||||||
assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body
|
assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue