diff options
-rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 5 | ||||
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 20 |
2 files changed, 24 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 113c20a758..173df79ee7 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -101,6 +101,11 @@ module ActionController #:nodoc: session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32) end + # The form's authenticity parameter. Override to provide your own. + def form_authenticity_param + params[request_forgery_protection_token] + end + def protect_against_forgery? allow_forgery_protection end diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 7111796f8d..3e54ae96c5 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -18,7 +18,7 @@ module RequestForgeryProtectionActions def unsafe render :text => 'pwn' end - + def rescue_action(e) raise e end end @@ -40,6 +40,13 @@ class FreeCookieController < RequestForgeryProtectionController end end +class CustomAuthenticityParamController < RequestForgeryProtectionController + def form_authenticity_param + 'foobar' + end +end + + # common test methods module RequestForgeryProtectionTests @@ -241,3 +248,14 @@ class FreeCookieControllerTest < ActionController::TestCase end end end + +class CustomAuthenticityParamControllerTest < ActionController::TestCase + def setup + ActionController::Base.request_forgery_protection_token = :authenticity_tok + end + + def test_should_allow_custom_token + post :index, :authenticity_token => 'foobar' + assert_response :ok + end +end |