diff options
author | Jeremy Kemper <jeremy@bitsweat.net> | 2008-07-17 11:52:56 -0700 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2008-07-17 11:52:56 -0700 |
commit | 636e6b7138864ceb1e309939cd879e710b287f3e (patch) | |
tree | 2a36dfef02f706302a20bb5b2d428b32e9af97f0 /actionpack/lib/action_controller/request_forgery_protection.rb | |
parent | 842917dea0cfdf70f158a312cc1f77f769791d8c (diff) | |
parent | 99930d499e424f4560b371412e05d10476216ece (diff) | |
download | rails-636e6b7138864ceb1e309939cd879e710b287f3e.tar.gz rails-636e6b7138864ceb1e309939cd879e710b287f3e.tar.bz2 rails-636e6b7138864ceb1e309939cd879e710b287f3e.zip |
Merge branch 'master' into i18n-merge
Conflicts:
actionpack/lib/action_view/helpers/form_options_helper.rb
activerecord/lib/active_record/validations.rb
Diffstat (limited to 'actionpack/lib/action_controller/request_forgery_protection.rb')
-rw-r--r-- | actionpack/lib/action_controller/request_forgery_protection.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb index 02c9d59d07..05a6d8bb79 100644 --- a/actionpack/lib/action_controller/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/request_forgery_protection.rb @@ -17,7 +17,7 @@ module ActionController #:nodoc: # forged link from another site, is done by embedding a token based on the session (which an attacker wouldn't know) in all # forms and Ajax requests generated by Rails and then verifying the authenticity of that token in the controller. Only # HTML/JavaScript requests are checked, so this will not protect your XML API (presumably you'll have a different authentication - # scheme there anyway). Also, GET requests are not protected as these should be indempotent anyway. + # scheme there anyway). Also, GET requests are not protected as these should be idempotent anyway. # # This is turned on with the <tt>protect_from_forgery</tt> method, which will check the token and raise an # ActionController::InvalidAuthenticityToken if it doesn't match what was expected. You can customize the error message in |