diff options
Diffstat (limited to 'actionpack/lib/action_view/helpers/url_helper.rb')
-rw-r--r-- | actionpack/lib/action_view/helpers/url_helper.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index 010a789b85..02c5c40727 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -472,6 +472,10 @@ module ActionView submit_function << "m.setAttribute('name', '_method'); m.setAttribute('value', '#{method}'); f.appendChild(m);" end + if request_forgery_protection_token + submit_function << "var s = document.createElement('input'); s.setAttribute('type', 'hidden'); " + submit_function << "s.setAttribute('name', '_token'); s.setAttribute('value', '#{escape_javascript form_token}'); f.appendChild(s);" + end submit_function << "f.submit();" end |