diff options
| author | Kasper Timm Hansen <kaspth@gmail.com> | 2017-03-23 21:43:11 +0100 |
|---|---|---|
| committer | Kasper Timm Hansen <kaspth@gmail.com> | 2017-04-16 16:25:38 +0200 |
| commit | 6309b85100dd2b55c716ee4a4e9cbd3da2dc0617 (patch) | |
| tree | b2f3e70f61439d334a947afe45080004bd1cea1a /actionview/lib/action_view/helpers | |
| parent | c8a9ac000d72f8435eb1bc417bf8a001ec20cb6a (diff) | |
| download | rails-6309b85100dd2b55c716ee4a4e9cbd3da2dc0617.tar.gz rails-6309b85100dd2b55c716ee4a4e9cbd3da2dc0617.tar.bz2 rails-6309b85100dd2b55c716ee4a4e9cbd3da2dc0617.zip | |
Default embed_authenticity_token_in_remote_forms to nil.
Effectively treat nil values as "auto", e.g. whatever a form helper
chooses to interpret it as.
But treat an explicitly assigned false value as disabling.
Diffstat (limited to 'actionview/lib/action_view/helpers')
| -rw-r--r-- | actionview/lib/action_view/helpers/form_helper.rb | 14 | ||||
| -rw-r--r-- | actionview/lib/action_view/helpers/form_tag_helper.rb | 2 |
2 files changed, 9 insertions, 7 deletions
diff --git a/actionview/lib/action_view/helpers/form_helper.rb b/actionview/lib/action_view/helpers/form_helper.rb index 96f8aede76..bd035458a0 100644 --- a/actionview/lib/action_view/helpers/form_helper.rb +++ b/actionview/lib/action_view/helpers/form_helper.rb @@ -1517,12 +1517,14 @@ module ActionView html_options[:"accept-charset"] = "UTF-8" html_options[:"data-remote"] = true unless local - if !local && !embed_authenticity_token_in_remote_forms && - html_options[:authenticity_token].blank? - # The authenticity token is taken from the meta tag in this case - html_options[:authenticity_token] = false - elsif html_options[:authenticity_token] == true - # Include the default authenticity_token, which is only generated when its set to nil, + html_options[:authenticity_token] = options.delete(:authenticity_token) + + if !local && html_options[:authenticity_token].blank? + html_options[:authenticity_token] = embed_authenticity_token_in_remote_forms + end + + if html_options[:authenticity_token] == true + # Include the default authenticity_token, which is only generated when it's set to nil, # but we needed the true value to override the default of no authenticity_token on data-remote. html_options[:authenticity_token] = nil end diff --git a/actionview/lib/action_view/helpers/form_tag_helper.rb b/actionview/lib/action_view/helpers/form_tag_helper.rb index ffc64e7118..9fc08b3837 100644 --- a/actionview/lib/action_view/helpers/form_tag_helper.rb +++ b/actionview/lib/action_view/helpers/form_tag_helper.rb @@ -18,7 +18,7 @@ module ActionView include TextHelper mattr_accessor :embed_authenticity_token_in_remote_forms - self.embed_authenticity_token_in_remote_forms = false + self.embed_authenticity_token_in_remote_forms = nil # Starts a form tag that points the action to a url configured with <tt>url_for_options</tt> just like # ActionController::Base#url_for. The method for the form defaults to POST. |