diff options
| author | Ryunosuke Sato <tricknotes.rs@gmail.com> | 2017-03-30 01:10:20 +0900 |
|---|---|---|
| committer | Ryunosuke Sato <tricknotes.rs@gmail.com> | 2017-03-30 01:10:20 +0900 |
| commit | 40f226ae94a726ca8935062a8aac50af8cad1de9 (patch) | |
| tree | c053c691bfcdbe238fd7b399a2a9ea5848947b18 /guides/source/security.md | |
| parent | 55ccec637212a2232a64f86360b2a25fa1c25759 (diff) | |
| download | rails-40f226ae94a726ca8935062a8aac50af8cad1de9.tar.gz rails-40f226ae94a726ca8935062a8aac50af8cad1de9.tar.bz2 rails-40f226ae94a726ca8935062a8aac50af8cad1de9.zip | |
Fix link to rails-ujs
https://github.com/rails/rails-ujs is merged into actionview in favor of https://github.com/rails/rails/pull/28098.
[skip ci]
Diffstat (limited to 'guides/source/security.md')
| -rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 7e27e6f37d..c305350243 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -257,7 +257,7 @@ protect_from_forgery with: :exception This will automatically include a security token in all forms and Ajax requests generated by Rails. If the security token doesn't match what was expected, an exception will be thrown. -NOTE: By default, Rails includes an [unobtrusive scripting adapter](https://github.com/rails/rails-ujs), +NOTE: By default, Rails includes an [unobtrusive scripting adapter](https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts), which adds a header called `X-CSRF-Token` with the security token on every non-GET Ajax call. Without this header, non-GET Ajax requests won't be accepted by Rails. When using another library to make Ajax calls, it is necessary to add the security |