mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
2a986200b9
The session is used by the form_authenticity_token method before it is
tested to be valid. This patch moves a few lines around so that the
session is validated first.
Without this patch, if you try to use forgery protection with sessions
turned off, you get this exception message:
undefined method `session_id' for {}:Hash
The patch includes a test that can be used to see this behavior before
the request_forgery_protection.rb file is patched to fix it.
|
||
|---|---|---|
| .. | ||
| activerecord | ||
| controller | ||
| fixtures | ||
| template | ||
| abstract_unit.rb | ||
| active_record_unit.rb | ||
| adv_attr_test.rb | ||
| testing_sandbox.rb | ||