diff options
| author | Jeremy Kemper <jeremy@bitsweat.net> | 2010-02-04 15:26:24 -0800 |
|---|---|---|
| committer | Jeremy Kemper <jeremy@bitsweat.net> | 2010-02-04 15:26:24 -0800 |
| commit | 2191aa47acc0a560366c8c09fa9635602cff5f07 (patch) | |
| tree | 45a7706719a896658fed6604b3026b8408b4825c /actionpack | |
| parent | 09a88a347d1f94869b945dfaa47ca54dd1940d46 (diff) | |
| download | rails-2191aa47acc0a560366c8c09fa9635602cff5f07.tar.gz rails-2191aa47acc0a560366c8c09fa9635602cff5f07.tar.bz2 rails-2191aa47acc0a560366c8c09fa9635602cff5f07.zip | |
Expose CSRF param name also
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_view/helpers/csrf_helper.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb index 2d6af52180..6f98bd4573 100644 --- a/actionpack/lib/action_view/helpers/csrf_helper.rb +++ b/actionpack/lib/action_view/helpers/csrf_helper.rb @@ -4,7 +4,7 @@ module ActionView # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head. def csrf_meta_tag if protect_against_forgery? - %(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe + %(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe end end end diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 55c21bc84a..77d07d8eeb 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -218,7 +218,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase test 'should emit a csrf-token meta tag' do get :meta - assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body + assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body end end |