aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/mime_type.rb
diff options
context:
space:
mode:
authorJeff Cohen <cohen.jeff@gmail.com>2008-10-31 23:10:44 -0500
committerMichael Koziarski <michael@koziarski.com>2008-11-13 11:23:21 +0100
commitfbbcd6f29aeccc938b97b5c01717365f8b67912c (patch)
tree1328775dc257448c0289cd9b9045d5fc7874d29c /actionpack/lib/action_controller/mime_type.rb
parent02df503d3b4db7a3e7fabe1403c388a059f905b8 (diff)
downloadrails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.tar.gz
rails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.tar.bz2
rails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.zip
Changed request forgery protection to only worry about HTML-formatted content requests.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
Diffstat (limited to 'actionpack/lib/action_controller/mime_type.rb')
-rw-r--r--actionpack/lib/action_controller/mime_type.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/mime_type.rb b/actionpack/lib/action_controller/mime_type.rb
index 26edca3b69..f43ae721c6 100644
--- a/actionpack/lib/action_controller/mime_type.rb
+++ b/actionpack/lib/action_controller/mime_type.rb
@@ -19,7 +19,7 @@ module Mime
# end
# end
class Type
- @@html_types = Set.new [:html, :all]
+ @@html_types = Set.new [:html, :url_encoded_form, :multipart_form, :all]
@@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml]
cattr_reader :html_types, :unverifiable_types
@@ -167,7 +167,7 @@ module Mime
# Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See
# ActionController::RequestForgerProtection.
def verify_request?
- !@@unverifiable_types.include?(to_sym)
+ html?
end
def html?
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 10:40:53 +0000