Moved 'params[request_forgery_protection_token]' into its own method and improved tests.

author: Tom Kadwill <tomkadwill@gmail.com> 2014-05-02 15:54:35 +0100
committer: Tom Kadwill <tomkadwill@gmail.com> 2014-05-06 14:58:30 +0100
commit: 7d5a858e5ce54d449066ad0a00917248475fa7f0 (patch)
tree: a7963435906cc460feab0033f714097e1fbd45c6 /actionpack/lib
parent: e167a54785e319c526b638d591eaca0c4da93a54 (diff)
download: rails-7d5a858e5ce54d449066ad0a00917248475fa7f0.tar.gz
rails-7d5a858e5ce54d449066ad0a00917248475fa7f0.tar.bz2
rails-7d5a858e5ce54d449066ad0a00917248475fa7f0.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index e3b1f5ae7c..1355fe87d0 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -247,7 +247,7 @@ module ActionController #:nodoc:
       # * Does the X-CSRF-Token header match the form_authenticity_token
       def verified_request?
         !protect_against_forgery? || request.get? || request.head? ||
-          form_authenticity_token == params[request_forgery_protection_token] ||
+          form_authenticity_token == form_authenticity_param ||
           form_authenticity_token == request.headers['X-CSRF-Token']
       end
author	Tom Kadwill <tomkadwill@gmail.com>	2014-05-02 15:54:35 +0100
committer	Tom Kadwill <tomkadwill@gmail.com>	2014-05-06 14:58:30 +0100
commit	7d5a858e5ce54d449066ad0a00917248475fa7f0 (patch)
tree	a7963435906cc460feab0033f714097e1fbd45c6 /actionpack/lib
parent	e167a54785e319c526b638d591eaca0c4da93a54 (diff)
download	rails-7d5a858e5ce54d449066ad0a00917248475fa7f0.tar.gz rails-7d5a858e5ce54d449066ad0a00917248475fa7f0.tar.bz2 rails-7d5a858e5ce54d449066ad0a00917248475fa7f0.zip