diff options
| author | Rafael França <rafaelmfranca@gmail.com> | 2017-03-29 12:23:06 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-03-29 12:23:06 -0400 |
| commit | 842f67dd242e738419f27e752ea7dcd0bbe87b6d (patch) | |
| tree | f0cb5fef206a672966464364b6dd3880572dd108 /guides/source/security.md | |
| parent | e91b17e834071c4b5056dc2761f0b49b70ede99b (diff) | |
| parent | 40f226ae94a726ca8935062a8aac50af8cad1de9 (diff) | |
| download | rails-842f67dd242e738419f27e752ea7dcd0bbe87b6d.tar.gz rails-842f67dd242e738419f27e752ea7dcd0bbe87b6d.tar.bz2 rails-842f67dd242e738419f27e752ea7dcd0bbe87b6d.zip | |
Merge pull request #28601 from tricknotes/fix-link-to-rails-ujs
Fix link to rails-ujs
Diffstat (limited to 'guides/source/security.md')
| -rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 7e27e6f37d..c305350243 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -257,7 +257,7 @@ protect_from_forgery with: :exception This will automatically include a security token in all forms and Ajax requests generated by Rails. If the security token doesn't match what was expected, an exception will be thrown. -NOTE: By default, Rails includes an [unobtrusive scripting adapter](https://github.com/rails/rails-ujs), +NOTE: By default, Rails includes an [unobtrusive scripting adapter](https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts), which adds a header called `X-CSRF-Token` with the security token on every non-GET Ajax call. Without this header, non-GET Ajax requests won't be accepted by Rails. When using another library to make Ajax calls, it is necessary to add the security |