diff options
| author | Carl Lerche <carllerche@mac.com> | 2010-03-08 14:02:41 -0800 |
|---|---|---|
| committer | Carl Lerche <carllerche@mac.com> | 2010-03-08 14:02:41 -0800 |
| commit | 01f0e47663bbbc593af0c36d4cf49124b200e3d8 (patch) | |
| tree | 3735f3d1012d77435a1e9f6afcbdd51d43f82723 /actionpack/lib/action_controller/metal/request_forgery_protection.rb | |
| parent | 0045f37681acdb8fe844fb8118e93cfe9d73140d (diff) | |
| download | rails-01f0e47663bbbc593af0c36d4cf49124b200e3d8.tar.gz rails-01f0e47663bbbc593af0c36d4cf49124b200e3d8.tar.bz2 rails-01f0e47663bbbc593af0c36d4cf49124b200e3d8.zip | |
Move request forgery protection configuration to the AC config object
This is an interim solution pending revisiting the rails
framework configuration situation.
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
| -rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 276c703307..6765314df2 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -12,11 +12,10 @@ module ActionController #:nodoc: included do # Sets the token parameter name for RequestForgery. Calling +protect_from_forgery+ # sets it to <tt>:authenticity_token</tt> by default. - cattr_accessor :request_forgery_protection_token + config.request_forgery_protection_token ||= true # Controls whether request forgergy protection is turned on or not. Turned off by default only in test mode. - class_attribute :allow_forgery_protection - self.allow_forgery_protection = true + config.allow_forgery_protection ||= true helper_method :form_authenticity_token helper_method :protect_against_forgery? @@ -80,9 +79,47 @@ module ActionController #:nodoc: self.request_forgery_protection_token ||= :authenticity_token before_filter :verify_authenticity_token, options end + + def request_forgery_protection_token + config.request_forgery_protection_token + end + + def request_forgery_protection_token=(val) + config.request_forgery_protection_token = val + end + + def allow_forgery_protection + config.allow_forgery_protection + end + + def allow_forgery_protection=(val) + config.allow_forgery_protection = val + end end protected + + def protect_from_forgery(options = {}) + self.request_forgery_protection_token ||= :authenticity_token + before_filter :verify_authenticity_token, options + end + + def request_forgery_protection_token + config.request_forgery_protection_token + end + + def request_forgery_protection_token=(val) + config.request_forgery_protection_token = val + end + + def allow_forgery_protection + config.allow_forgery_protection + end + + def allow_forgery_protection=(val) + config.allow_forgery_protection = val + end + # The actual before_filter that is used. Modify this to change how you handle unverified requests. def verify_authenticity_token verified_request? || raise(ActionController::InvalidAuthenticityToken) @@ -109,7 +146,7 @@ module ActionController #:nodoc: end def protect_against_forgery? - self.class.allow_forgery_protection + config.allow_forgery_protection end end end |