Changed request forgery protection to only worry about HTML-formatted content requests.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
author: Jeff Cohen <cohen.jeff@gmail.com> 2008-10-31 23:10:44 -0500
committer: Michael Koziarski <michael@koziarski.com> 2008-11-13 11:23:21 +0100
commit: fbbcd6f29aeccc938b97b5c01717365f8b67912c (patch)
tree: 1328775dc257448c0289cd9b9045d5fc7874d29c /actionpack/lib/action_controller/request_forgery_protection.rb
parent: 02df503d3b4db7a3e7fabe1403c388a059f905b8 (diff)
download: rails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.tar.gz
rails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.tar.bz2
rails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb
index 05a6d8bb79..3e0e94a06b 100644
--- a/actionpack/lib/action_controller/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/request_forgery_protection.rb
@@ -99,7 +99,7 @@ module ActionController #:nodoc:
       end
     
       def verifiable_request_format?
-        request.content_type.nil? || request.content_type.verify_request?
+        !request.content_type.nil? && request.content_type.verify_request?
       end
     
       # Sets the token value for the current session.  Pass a <tt>:secret</tt> option
author	Jeff Cohen <cohen.jeff@gmail.com>	2008-10-31 23:10:44 -0500
committer	Michael Koziarski <michael@koziarski.com>	2008-11-13 11:23:21 +0100
commit	fbbcd6f29aeccc938b97b5c01717365f8b67912c (patch)
tree	1328775dc257448c0289cd9b9045d5fc7874d29c /actionpack/lib/action_controller/request_forgery_protection.rb
parent	02df503d3b4db7a3e7fabe1403c388a059f905b8 (diff)
download	rails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.tar.gz rails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.tar.bz2 rails-fbbcd6f29aeccc938b97b5c01717365f8b67912c.zip