Rick Olson
|
5edc81dcc2
|
Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 [lifofifo]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-28 15:55:45 +00:00 |
David Heinemeier Hansson
|
82c1fed89f
|
Protect button_to behind protect_from_forgery (closes #9675) [lifo]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7636 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-25 16:50:35 +00:00 |
David Heinemeier Hansson
|
bdf5672077
|
Change from InvalidToken to InvalidAuthenticityToken to be more specific
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7623 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-24 23:12:25 +00:00 |
Rick Olson
|
c619003854
|
Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-23 18:14:44 +00:00 |
Rick Olson
|
4e3ed5bc44
|
Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-23 02:32:55 +00:00 |