diff options
| author | Xavier Noria <fxn@hashref.com> | 2010-09-14 01:35:44 +0200 |
|---|---|---|
| committer | Xavier Noria <fxn@hashref.com> | 2010-09-14 01:35:44 +0200 |
| commit | 0207bc7cc980e3f1d15fc59f611eff05e2e35035 (patch) | |
| tree | 1e546402d164bfa2b47da913a60fb3f925b9b70f | |
| parent | d8d8334a0be51e8c34876699d9101bf390761f11 (diff) | |
| download | rails-0207bc7cc980e3f1d15fc59f611eff05e2e35035.tar.gz rails-0207bc7cc980e3f1d15fc59f611eff05e2e35035.tar.bz2 rails-0207bc7cc980e3f1d15fc59f611eff05e2e35035.zip | |
get csrf_meta_tag back to the generated layout in deference to existing printed material, chomp also the generated HTML to be faithful to the output before the refactor
4 files changed, 4 insertions, 4 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb index 092855b578..65c8debc76 100644 --- a/actionpack/lib/action_view/helpers/csrf_helper.rb +++ b/actionpack/lib/action_view/helpers/csrf_helper.rb @@ -17,7 +17,7 @@ module ActionView # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, # so they do not use these tags. def csrf_meta_tags - <<-METAS.strip_heredoc.html_safe if protect_against_forgery? + <<-METAS.strip_heredoc.chomp.html_safe if protect_against_forgery? <meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/> <meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/> METAS diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 7e169431f4..5af25a0894 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -220,7 +220,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase test 'should emit a csrf-token meta tag' do ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?') get :meta - assert_equal <<-METAS.strip_heredoc, @response.body + assert_equal <<-METAS.strip_heredoc.chomp, @response.body <meta name="csrf-param" content="authenticity_token"/> <meta name="csrf-token" content="cf50faa3fe97702ca1ae<=?"/> METAS diff --git a/railties/guides/source/getting_started.textile b/railties/guides/source/getting_started.textile index 9eae712a93..92b9131b59 100644 --- a/railties/guides/source/getting_started.textile +++ b/railties/guides/source/getting_started.textile @@ -559,7 +559,7 @@ The view is only part of the story of how HTML is displayed in your web browser. <title>Blog</title> <%= stylesheet_link_tag :all %> <%= javascript_include_tag :defaults %> - <%= csrf_meta_tags %> + <%= csrf_meta_tag %> </head> <body style="background: #EEEEEE;"> diff --git a/railties/lib/rails/generators/rails/app/templates/app/views/layouts/application.html.erb.tt b/railties/lib/rails/generators/rails/app/templates/app/views/layouts/application.html.erb.tt index 1de78eecae..1dd112b4a6 100644 --- a/railties/lib/rails/generators/rails/app/templates/app/views/layouts/application.html.erb.tt +++ b/railties/lib/rails/generators/rails/app/templates/app/views/layouts/application.html.erb.tt @@ -4,7 +4,7 @@ <title><%= app_const_base %></title> <%%= stylesheet_link_tag :all %> <%%= javascript_include_tag :defaults %> - <%%= csrf_meta_tags %> + <%%= csrf_meta_tag %> </head> <body> |