diff options
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_view/helpers/csrf_helper.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb index 092855b578..65c8debc76 100644 --- a/actionpack/lib/action_view/helpers/csrf_helper.rb +++ b/actionpack/lib/action_view/helpers/csrf_helper.rb @@ -17,7 +17,7 @@ module ActionView # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, # so they do not use these tags. def csrf_meta_tags - <<-METAS.strip_heredoc.html_safe if protect_against_forgery? + <<-METAS.strip_heredoc.chomp.html_safe if protect_against_forgery? <meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/> <meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/> METAS diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 7e169431f4..5af25a0894 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -220,7 +220,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase test 'should emit a csrf-token meta tag' do ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?') get :meta - assert_equal <<-METAS.strip_heredoc, @response.body + assert_equal <<-METAS.strip_heredoc.chomp, @response.body <meta name="csrf-param" content="authenticity_token"/> <meta name="csrf-token" content="cf50faa3fe97702ca1ae<=?"/> METAS |