mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/test
Michael Koziarski ae19e4141f Change the CSRF whitelisting to only apply to get requests
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
2011-02-08 14:57:08 -08:00
abstract removing useless variable assignments 2011-01-18 15:52:56 -08:00
activerecord Replace rudimentary named_scope with scope. [#6052 state:resolved] 2010-12-15 14:02:30 -08:00
controller Change the CSRF whitelisting to only apply to get requests 2011-02-08 14:57:08 -08:00
dispatch Use Mime::Type references. 2011-02-08 14:14:26 -08:00
fixtures Add a test for 'render :layout' 2011-02-03 12:55:32 -02:00
lib Fix tests on 1.9.2. 2010-11-28 12:48:50 +01:00
template Use Mime::Type references. 2011-02-08 14:14:26 -08:00
tmp Use safe tmp dir 2009-08-13 21:03:25 -05:00
abstract_unit.rb do not require ruby-debug automatically. Please require it if you have declared it as a dependency 2010-11-19 16:26:09 -08:00
active_record_unit.rb Autoload AR test case 2010-01-04 16:50:01 -06:00
ts_isolated.rb Give useful test:isolated failures 2009-11-04 12:44:06 -08:00