Merge pull request #24641 from rafaelfranca/fix-per-form-token-with-full-url

Discart the schema and host information when building the per-form token
author: Jeremy Daer <jeremydaer@gmail.com> 2016-04-25 21:03:33 -0500
committer: Jeremy Daer <jeremydaer@gmail.com> 2016-04-25 21:03:33 -0500
commit: 9364d50654a791e6405b0a14854ab08cd5420cab (patch)
tree: 362b185e776db2981df4d7eee1338f796732bdb9 /actionpack/lib
parent: 420730b10b46be7e40d806007bb28d3b17c7519f (diff)
parent: 60c6b538170ce35cc8ff8382bef2f082868b4b09 (diff)
download: rails-9364d50654a791e6405b0a14854ab08cd5420cab.tar.gz
rails-9364d50654a791e6405b0a14854ab08cd5420cab.tar.bz2
rails-9364d50654a791e6405b0a14854ab08cd5420cab.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 5793e28175..f7e8d06f10 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -405,7 +405,8 @@ module ActionController #:nodoc:
       end
 
       def normalize_action_path(action_path)
-        action_path.split('?').first.to_s.chomp('/')
+        uri = URI.parse(action_path)
+        uri.path.chomp('/')
       end
   end
 end
author	Jeremy Daer <jeremydaer@gmail.com>	2016-04-25 21:03:33 -0500
committer	Jeremy Daer <jeremydaer@gmail.com>	2016-04-25 21:03:33 -0500
commit	9364d50654a791e6405b0a14854ab08cd5420cab (patch)
tree	362b185e776db2981df4d7eee1338f796732bdb9 /actionpack/lib
parent	420730b10b46be7e40d806007bb28d3b17c7519f (diff)
parent	60c6b538170ce35cc8ff8382bef2f082868b4b09 (diff)
download	rails-9364d50654a791e6405b0a14854ab08cd5420cab.tar.gz rails-9364d50654a791e6405b0a14854ab08cd5420cab.tar.bz2 rails-9364d50654a791e6405b0a14854ab08cd5420cab.zip