author Robin Dupret <robin.dupret@gmail.com> 2015-01-03 12:58:19 +0100
committer Robin Dupret <robin.dupret@gmail.com> 2015-01-03 12:58:19 +0100
commit d0703280c7c4a3d958fe5c5743def7808383ad75 (patch)
tree d53a2adb5e7e8274dc8a81a3f3e56539be7e9ada /guides/source/security.md
parent 0aa18c7d18ac5cf72345b79a223149f8ff9d4ae8 (diff)
Avoid displaying new lines inside note paragraphs
Commit 65a2977 added a `pre-wrap` style for white spaces on `.note` paragraphs. However, this is first inconsistent as other notes like warnings don't have this style applied. Furthermore, it seems to be unneeded for mobile devices. Also revert changes made in #18147 since they aren't needed anymore. Cross-refs #18138. [ci skip]
Diffstat (limited to 'guides/source/security.md')
-rw-r--r-- guides/source/security.md 9
1 files changed, 8 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 4a80edbdad..e4cc79df55 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -249,7 +249,14 @@ protect_from_forgery with: :exception
This will automatically include a security token in all forms and Ajax requests generated by Rails. If the security token doesn't match what was expected, an exception will be thrown.
-NOTE: By default, Rails includes jQuery and an [unobtrusive scripting adapter for jQuery](https://github.com/rails/jquery-ujs), which adds a header called `X-CSRF-Token` on every non-GET Ajax call made by jQuery with the security token. Without this header, non-GET Ajax requests won't be accepted by Rails. When using another library to make Ajax calls, it is necessary to add the security token as a default header for Ajax calls in your library. To get the token, have a look at `<meta name='csrf-token' content='THE-TOKEN'>` tag printed by `<%= csrf_meta_tags %>` in your application view.
+NOTE: By default, Rails includes jQuery and an [unobtrusive scripting adapter for
+jQuery](https://github.com/rails/jquery-ujs), which adds a header called
+`X-CSRF-Token` on every non-GET Ajax call made by jQuery with the security token.
+Without this header, non-GET Ajax requests won't be accepted by Rails. When using
+another library to make Ajax calls, it is necessary to add the security token as
+a default header for Ajax calls in your library. To get the token, have a look at
+`<meta name='csrf-token' content='THE-TOKEN'>` tag printed by
+`<%= csrf_meta_tags %>` in your application view.
It is common to use persistent cookies to store user information, with `cookies.permanent` for example. In this case, the cookies will not be cleared and the out of the box CSRF protection will not be effective. If you are using a different cookie store than the session for this information, you must handle what to do with it yourself:
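Review bot: The re-wrapped NOTE splits the Markdown link across two added lines, with `[unobtrusive scripting adapter for` ending one line and `jQuery](https://github.com/rails/jquery-ujs)` starting the next; moving the break to just before `[` would keep the link text and URL together, which is easier to read and search for in the raw source. Since these lines are being rewritten anyway, the last sentence could also gain its missing article: "have a look at the `<meta name='csrf-token' content='THE-TOKEN'>` tag". The unchanged paragraphs before and after the NOTE stay as single long lines, so the file now mixes hard-wrapped and unwrapped paragraphs; the commit message could state whether that is intended.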