Navigation

Changeset 8601

Timestamp:

01/08/08 21:22:01 (6 months ago)

Author:

nzkoz

Message:

Don't append the forgery token to an ajax request if it's serializing a form, prevents duplicate tokens. References #10684 [macournoyer]

Files:

r8323	r8601
1020	1020	end
1021	1021
1022		if protect_against_forgery?
	1022	if protect_against_forgery? && !options[:form]
1023	1023	if js_options['parameters']
1024	1024	js_options['parameters'] << " + '&"

r7719	r8601
23	23	end
24	24
	25	def remote_form
	26	render :inline => "<% form_remote_tag(:url => '/') {} %>"
	27	end
	28
25	29	def unsafe
26	30	render :text => 'pwn'
…	…
76	80	end
77	81
	82	def test_should_render_remote_form_with_only_one_token_parameter
	83	get :remote_form
	84	assert_equal 1, @response.body.scan(@token).size
	85	end
	86
78	87	def test_should_allow_get
79	88	get :index