diff options
| author | Xavier Noria <fxn@hashref.com> | 2015-01-03 13:53:17 +0100 |
|---|---|---|
| committer | Xavier Noria <fxn@hashref.com> | 2015-01-03 13:53:17 +0100 |
| commit | 02e72a49d1c99084fef2c78c3a194e03b879099d (patch) | |
| tree | d53a2adb5e7e8274dc8a81a3f3e56539be7e9ada /guides/source | |
| parent | a699f5d3e18e87e802bc460b6e4d2b6fd4921884 (diff) | |
| parent | d0703280c7c4a3d958fe5c5743def7808383ad75 (diff) | |
| download | rails-02e72a49d1c99084fef2c78c3a194e03b879099d.tar.gz rails-02e72a49d1c99084fef2c78c3a194e03b879099d.tar.bz2 rails-02e72a49d1c99084fef2c78c3a194e03b879099d.zip | |
Merge pull request #18310 from robin850/guides-improvements
Some guides improvements
Diffstat (limited to 'guides/source')
| -rw-r--r-- | guides/source/active_record_querying.md | 3 | ||||
| -rw-r--r-- | guides/source/security.md | 9 |
2 files changed, 10 insertions, 2 deletions
diff --git a/guides/source/active_record_querying.md b/guides/source/active_record_querying.md index e0a9add2be..6cfb6c5ca5 100644 --- a/guides/source/active_record_querying.md +++ b/guides/source/active_record_querying.md @@ -1384,7 +1384,8 @@ WHERE people.name = 'John' LIMIT 1 ``` -NOTE: Remember that, if `find_by` returns more than one registry, it will take just the first and ignore the others. Note the `LIMIT 1` statement above. +NOTE: Remember that, if `find_by` returns more than one registry, it will take +just the first and ignore the others. Note the `LIMIT 1` statement above. Find or Build a New Object -------------------------- diff --git a/guides/source/security.md b/guides/source/security.md index 4a80edbdad..e4cc79df55 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -249,7 +249,14 @@ protect_from_forgery with: :exception This will automatically include a security token in all forms and Ajax requests generated by Rails. If the security token doesn't match what was expected, an exception will be thrown. -NOTE: By default, Rails includes jQuery and an [unobtrusive scripting adapter for jQuery](https://github.com/rails/jquery-ujs), which adds a header called `X-CSRF-Token` on every non-GET Ajax call made by jQuery with the security token. Without this header, non-GET Ajax requests won't be accepted by Rails. When using another library to make Ajax calls, it is necessary to add the security token as a default header for Ajax calls in your library. To get the token, have a look at `<meta name='csrf-token' content='THE-TOKEN'>` tag printed by `<%= csrf_meta_tags %>` in your application view. +NOTE: By default, Rails includes jQuery and an [unobtrusive scripting adapter for +jQuery](https://github.com/rails/jquery-ujs), which adds a header called +`X-CSRF-Token` on every non-GET Ajax call made by jQuery with the security token. +Without this header, non-GET Ajax requests won't be accepted by Rails. When using +another library to make Ajax calls, it is necessary to add the security token as +a default header for Ajax calls in your library. To get the token, have a look at +`<meta name='csrf-token' content='THE-TOKEN'>` tag printed by +`<%= csrf_meta_tags %>` in your application view. It is common to use persistent cookies to store user information, with `cookies.permanent` for example. In this case, the cookies will not be cleared and the out of the box CSRF protection will not be effective. If you are using a different cookie store than the session for this information, you must handle what to do with it yourself: |