diff --git a/actionpack/lib/action_controller/mime_type.rb b/actionpack/lib/action_controller/mime_type.rb index 8ca3a70341..6923a13f3f 100644 --- a/actionpack/lib/action_controller/mime_type.rb +++ b/actionpack/lib/action_controller/mime_type.rb @@ -25,7 +25,7 @@ module Mime # These are the content types which browsers can generate without using ajax, flash, etc # i.e. following a link, getting an image or posting a form. CSRF protection # only needs to protect against these types. - @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form] + @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text] cattr_reader :browser_generated_types @@ -177,7 +177,7 @@ module Mime end # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See - # ActionController::RequestForgerProtection. + # ActionController::RequestForgeryProtection. def verify_request? browser_generated? end