mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
dabb587cbb
Base64 strict-encoded CSRF tokens are not inherently websafe, which makes them difficult to deal with. For example, the common practice of sending the CSRF token to a browser in a client-readable cookie does not work properly out of the box: the value has to be url-encoded and decoded to survive transport. Now, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently safe to transport. Validation accepts both urlsafe tokens, and strict-encoded tokens for backwards compatibility. |
||
|---|---|---|
| .. | ||
| abstract | ||
| assertions | ||
| controller | ||
| dispatch | ||
| fixtures | ||
| journey | ||
| lib | ||
| routing | ||
| abstract_unit.rb | ||