author | Michael Koziarski <michael@koziarski.com> | 2008-11-16 20:19:02 +0100 |
---|---|---|
committer | Michael Koziarski <michael@koziarski.com> | 2008-11-16 20:24:46 +0100 |
commit | 8c197fb4ab4fa432a6e9421e0339a17a7ec296f1 (patch) | |
tree | 5efbb2355fa3a461d75e18139cfbb429b75eb012 /actionpack/lib | |
parent | 2530d0eea8eaecd2c61f99225f050ff47973e9a0 (diff) | |
Add text/plain to the browser_generated_types array as webkit and gecko can submit them.
For more information see:
http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_controller/mime_type.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/mime_type.rb b/actionpack/lib/action_controller/mime_type.rb index 8ca3a70341..6923a13f3f 100644 --- a/actionpack/lib/action_controller/mime_type.rb +++ b/actionpack/lib/action_controller/mime_type.rb @@ -25,7 +25,7 @@ module Mime # These are the content types which browsers can generate without using ajax, flash, etc # i.e. following a link, getting an image or posting a form. CSRF protection # only needs to protect against these types. - @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form] + @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text] cattr_reader :browser_generated_types @@ -177,7 +177,7 @@ module Mime end # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See - # ActionController::RequestForgerProtection. + # ActionController::RequestForgeryProtection. def verify_request? browser_generated? end |
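Review bot: the comment above `@@browser_generated_types` in the first hunk is left unchanged and still lists only "following a link, getting an image or posting a form", so nothing next to the set explains why `:text` is now in it. Because `verify_request?` in the second hunk simply returns `browser_generated?`, any content type missing from this set skips the request forgery check, which makes the rationale for each entry worth recording where the set is defined. Suggest extending that comment to say that browsers can submit forms as text/plain (the commit message names WebKit and Gecko) and pointing to the reference URL from the commit message, so a later edit does not drop `:text` as looking unrelated to form posts.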