diff options
Diffstat (limited to 'actionpack/lib/action_controller/base')
| -rw-r--r-- | actionpack/lib/action_controller/base/mime_responds.rb | 12 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/base/request_forgery_protection.rb | 3 |
2 files changed, 13 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/base/mime_responds.rb b/actionpack/lib/action_controller/base/mime_responds.rb index bac225ab2a..a91483b0f0 100644 --- a/actionpack/lib/action_controller/base/mime_responds.rb +++ b/actionpack/lib/action_controller/base/mime_responds.rb @@ -94,6 +94,18 @@ module ActionController #:nodoc: # Note that you can define your own XML parameter parser which would allow you to describe multiple entities # in a single request (i.e., by wrapping them all in a single root node), but if you just go with the flow # and accept Rails' defaults, life will be much easier. + # + # Further more, you may call the #any method on the block's object in order to run the same code for different responses. + # def index + # + # respond_to do |format| + # format.html { @people = People.all(:limit => 10) } + # format.any(:xml, :atom) { @people = People.all } + # end + # end + # + # This will limit the @people variable to 10 people records if we're requesting HTML, but will list all the + # people for any xml or atom request. # # If you need to use a MIME type which isn't supported by default, you can register your own handlers in # environment.rb as follows. diff --git a/actionpack/lib/action_controller/base/request_forgery_protection.rb b/actionpack/lib/action_controller/base/request_forgery_protection.rb index 3067122ceb..df91dc1006 100644 --- a/actionpack/lib/action_controller/base/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/base/request_forgery_protection.rb @@ -96,8 +96,7 @@ module ActionController #:nodoc: !request.content_type.nil? && request.content_type.verify_request? end - # Sets the token value for the current session. Pass a <tt>:secret</tt> option - # in +protect_from_forgery+ to add a custom salt to the hash. + # Sets the token value for the current session. def form_authenticity_token session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32) end |