diff options
author | Dan Pickett <dpickett@enlightsolutions.com> | 2011-02-06 11:19:02 -0500 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2011-02-06 19:04:52 -0200 |
commit | 3026843dc1ff42a632ebe989e1f6dfadb0cd10a5 (patch) | |
tree | a076b9ebc57861307fb07e780e77890574b4dd7f | |
parent | a3f5d7159d00a0c7c7d79d15652028ac13df30af (diff) | |
download | rails-3026843dc1ff42a632ebe989e1f6dfadb0cd10a5.tar.gz rails-3026843dc1ff42a632ebe989e1f6dfadb0cd10a5.tar.bz2 rails-3026843dc1ff42a632ebe989e1f6dfadb0cd10a5.zip |
put authenticity_token option in parity w/ remote
[#6228 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
-rw-r--r-- | actionpack/lib/action_view/helpers/form_helper.rb | 9 | ||||
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 4 |
2 files changed, 7 insertions, 6 deletions
diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb index 408a3b6721..d30fd248c1 100644 --- a/actionpack/lib/action_view/helpers/form_helper.rb +++ b/actionpack/lib/action_view/helpers/form_helper.rb @@ -304,16 +304,15 @@ module ActionView # When you build forms to external resources sometimes you need to set an authenticity token or just render a form # without it, for example when you submit data to a payment gateway number and types of fields could be limited. # - # To set an authenticity token you need to pass an <tt>:authenticity_token</tt> parameter in the <tt>:html</tt> - # options section: + # To set an authenticity token you need to pass an <tt>:authenticity_token</tt> parameter # - # <%= form_for @invoice, :url => external_url, :html => { :authenticity_token => 'external_token' } do |f| + # <%= form_for @invoice, :url => external_url, :authenticity_token => 'external_token' do |f| # ... # <% end %> # # If you don't want to an authenticity token field be rendered at all just pass <tt>false</tt>: # - # <%= form_for @invoice, :url => external_url, :html => { :authenticity_token => false } do |f| + # <%= form_for @invoice, :url => external_url, :authenticity_token => false do |f| # ... # <% end %> def form_for(record, options = {}, &proc) @@ -332,6 +331,8 @@ module ActionView end options[:html][:remote] = options.delete(:remote) + options[:html][:authenticity_token] = options.delete(:authenticity_token) + builder = options[:parent_builder] = instantiate_builder(object_name, object, options, &proc) fields_for = fields_for(object_name, object, options, &proc) default_options = builder.multipart? ? { :multipart => true } : {} diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 4f4de0cbee..68d4c6a57c 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -29,11 +29,11 @@ module RequestForgeryProtectionActions end def external_form_for - render :inline => "<%= form_for(:some_resource, :html => { :authenticity_token => 'external_token' }) {} %>" + render :inline => "<%= form_for(:some_resource, :authenticity_token => 'external_token') {} %>" end def form_for_without_protection - render :inline => "<%= form_for(:some_resource, :html => { :authenticity_token => false }) {} %>" + render :inline => "<%= form_for(:some_resource, :authenticity_token => false ) {} %>" end def rescue_action(e) raise e end |