Include application/javascript when checking content_type

author: Gabriel Jaldon <gjaldon85@gmail.com> 2014-12-10 23:21:01 +0800
committer: Greg Molnar <molnargerg@gmail.com> 2018-05-27 16:17:53 +0200
commit: d3a2c53955f28e0f3dfe0403ef691b903496e957 (patch)
tree: f87e894796b322fe05b25ef831ad7cec5c359105 /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parent: 17bf62033edd4f0934c9f4a9e0c7a5f0f765975b (diff)
download: rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.tar.gz
rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.tar.bz2
rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 953f3c47ed..df15c45470 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -275,7 +275,7 @@ module ActionController #:nodoc:
 
       # Check for cross-origin JavaScript responses.
       def non_xhr_javascript_response? # :doc:
-        content_type =~ %r(\Atext/javascript) && !request.xhr?
+        content_type =~ %r(\A(text|application)/javascript) && !request.xhr?
       end
 
       AUTHENTICITY_TOKEN_LENGTH = 32
author	Gabriel Jaldon <gjaldon85@gmail.com>	2014-12-10 23:21:01 +0800
committer	Greg Molnar <molnargerg@gmail.com>	2018-05-27 16:17:53 +0200
commit	d3a2c53955f28e0f3dfe0403ef691b903496e957 (patch)
tree	f87e894796b322fe05b25ef831ad7cec5c359105 /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parent	17bf62033edd4f0934c9f4a9e0c7a5f0f765975b (diff)
download	rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.tar.gz rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.tar.bz2 rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.zip