diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2014-02-17 11:21:18 -0800 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2014-02-17 11:21:18 -0800 |
| commit | fe42effb11a97cf19777d7b0dba7e1e2dfd3316c (patch) | |
| tree | 388f48bc682802cbcae53a0d570d2c8587bbb98b /actionview/lib/action_view/helpers/csrf_helper.rb | |
| parent | 5ac2879b08b05b7f6eaebc5473e62b4576f84a3f (diff) | |
| parent | 3e3ed1ede51f4d2f7f1d30b3754072b1121d5394 (diff) | |
| download | rails-fe42effb11a97cf19777d7b0dba7e1e2dfd3316c.tar.gz rails-fe42effb11a97cf19777d7b0dba7e1e2dfd3316c.tar.bz2 rails-fe42effb11a97cf19777d7b0dba7e1e2dfd3316c.zip | |
Merge branch 'master' into adequaterecord
* master: (311 commits)
Add a missing changelog entry for #13981 and #14035
Revert "Fixed plugin_generator test"
implements new option :month_format_string for date select helpers [Closes #13618]
add factory methods for empty alias trackers
guarantee a list in the alias tracker so we can remove a conditional
stop exposing table_joins
make most parameters to the AliasTracker required
make a singleton for AssociationScope
pass the association and connection to the scope method
pass the tracker down the stack and construct it in the scope method
clean up add_constraints signature
remove the reflection delegate
remove klass delegator
remove railties changes. fixes #14054
remove chain delegate
remove scope_chain delegate
Add verb to sanitization note
fix path shown in mailer's templates
updated Travis build status image url
fix guide active_support_core_extensions. add Note to String#indent [ci skip]
...
Conflicts:
activerecord/lib/active_record/associations/join_dependency.rb
activerecord/test/cases/associations/association_scope_test.rb
Diffstat (limited to 'actionview/lib/action_view/helpers/csrf_helper.rb')
| -rw-r--r-- | actionview/lib/action_view/helpers/csrf_helper.rb | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/csrf_helper.rb b/actionview/lib/action_view/helpers/csrf_helper.rb index eeb0ed94b9..5af92c4ff2 100644 --- a/actionview/lib/action_view/helpers/csrf_helper.rb +++ b/actionview/lib/action_view/helpers/csrf_helper.rb @@ -12,8 +12,11 @@ module ActionView # These are used to generate the dynamic forms that implement non-remote links with # <tt>:method</tt>. # - # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, - # so they do not use these tags. + # You don't need to use these tags for regular forms as they generate their own hidden fields. + # + # For AJAX requests other than GETs, extract the "csrf-token" from the meta-tag and send as the + # "X-CSRF-Token" HTTP header. If you are using jQuery with jquery-rails this happens automatically. + # def csrf_meta_tags if protect_against_forgery? [ |