diff options
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_view/helpers/csrf_helper.rb | 2 | ||||
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb index 2d6af52180..6f98bd4573 100644 --- a/actionpack/lib/action_view/helpers/csrf_helper.rb +++ b/actionpack/lib/action_view/helpers/csrf_helper.rb @@ -4,7 +4,7 @@ module ActionView # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head. def csrf_meta_tag if protect_against_forgery? - %(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe + %(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe end end end diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 55c21bc84a..77d07d8eeb 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -218,7 +218,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase test 'should emit a csrf-token meta tag' do get :meta - assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body + assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body end end |