| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
[#1617 state:resolved]
|
|
|
|
| |
This deprecates the use of :secret and :digest which were only needed when we were hashing session ids.
|
|\ |
|
| |
| |
| |
| |
| |
| | |
content requests.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
|
|/ |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The session is used by the form_authenticity_token method before it is
tested to be valid. This patch moves a few lines around so that the
session is validated first.
Without this patch, if you try to use forgery protection with sessions
turned off, you get this exception message:
undefined method `session_id' for {}:Hash
The patch includes a test that can be used to see this behavior before
the request_forgery_protection.rb file is patched to fix it.
|
| |
| |
| |
| | |
Mime::Type#verify_request? [#73]
|
|/
|
|
| |
request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [#73 state:resolved]
|
|
|
|
|
|
| |
form, prevents duplicate tokens. Closes #10684 [macournoyer]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8598 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7719 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
forgery protection. Closes #9670 [rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7671 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7670 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
by default. Closes #9693 [lifofifo]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7636 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7623 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
#protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
that verifies session-specific _tokens for non-GET requests. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|