kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Add text/plain to the browser_generated_types array as webkit and gecko can submit them.

Browse source 
For more information see:

http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
This commit is contained in:
Michael Koziarski 2008-11-16 20:19:02 +01:00
parent 2530d0eea8
commit 8c197fb4ab
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
actionpack/lib/action_controller/mime_type.rb
View file

@ -25,7 +25,7 @@ module Mime
# These are the content types which browsers can generate without using ajax, flash, etc # These are the content types which browsers can generate without using ajax, flash, etc
# i.e. following a link, getting an image or posting a form. CSRF protection # i.e. following a link, getting an image or posting a form. CSRF protection
# only needs to protect against these types. # only needs to protect against these types.
@@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form] @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
cattr_reader :browser_generated_types cattr_reader :browser_generated_types
@ -177,7 +177,7 @@ module Mime
end end
# Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See
# ActionController::RequestForgerProtection. # ActionController::RequestForgeryProtection.
def verify_request? def verify_request?
browser_generated? browser_generated?
end end