diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2013-01-28 07:25:20 -0800 |
|---|---|---|
| committer | Santiago Pastorino <santiago@wyeworks.com> | 2013-01-28 07:25:20 -0800 |
| commit | 5f5a43e2f7f1075852fcf173e81c6f4b5ca8c6fa (patch) | |
| tree | 83f80701b71df16ef0546b6566448ed816a9d6c0 /actionpack/lib/action_controller/metal/request_forgery_protection.rb | |
| parent | 5f30b547c8acbf9086329e9c93a3c77768bfb1ea (diff) | |
| parent | 2ef138f0d49e92550bb74a103df7ce5074b18241 (diff) | |
| download | rails-5f5a43e2f7f1075852fcf173e81c6f4b5ca8c6fa.tar.gz rails-5f5a43e2f7f1075852fcf173e81c6f4b5ca8c6fa.tar.bz2 rails-5f5a43e2f7f1075852fcf173e81c6f4b5ca8c6fa.zip | |
Merge pull request #9032 from firmhouse/head-breaks-csrf
Make HEAD work / convert to GET once more
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
| -rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 2d5ba0024e..77b173979e 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -163,11 +163,11 @@ module ActionController #:nodoc: # Returns true or false if a request is verified. Checks: # - # * is it a GET request? Gets should be safe and idempotent + # * is it a GET or HEAD request? Gets should be safe and idempotent # * Does the form_authenticity_token match the given token value from the params? # * Does the X-CSRF-Token header match the form_authenticity_token def verified_request? - !protect_against_forgery? || request.get? || + !protect_against_forgery? || request.get? || request.head? || form_authenticity_token == params[request_forgery_protection_token] || form_authenticity_token == request.headers['X-CSRF-Token'] end |