mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
dabb587cbb
Base64 strict-encoded CSRF tokens are not inherently websafe, which makes them difficult to deal with. For example, the common practice of sending the CSRF token to a browser in a client-readable cookie does not work properly out of the box: the value has to be url-encoded and decoded to survive transport. Now, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently safe to transport. Validation accepts both urlsafe tokens, and strict-encoded tokens for backwards compatibility.

- abstract
- assertions
- controller
- dispatch
- fixtures
- journey
- lib
- routing
- abstract_unit.rb