path: root/actionpack/test/controller/request_forgery_protection_test.rb
Commit message (author, date, files changed, lines -removed/+added)
* Change the CSRF whitelisting to only apply to get requests (Michael Koziarski, 2011-02-08, 1 file, -136/+75)
* put authenticity_token option in parity w/ remote (Dan Pickett, 2011-02-06, 1 file, -2/+2)
* Added tests for form_for and an authenticity_token option. Added docs for for... (Timothy N. Tsvetkov, 2011-02-05, 1 file, -0/+18)
* authenticity_token option for form_tag [#2988 state:resolved] (Jakub Kuźma, 2011-01-09, 1 file, -0/+18)
* Fix indentation. (Emilio Tagua, 2010-09-27, 1 file, -19/+18)
* get csrf_meta_tag back to the generated layout in deference to existing print... (Xavier Noria, 2010-09-14, 1 file, -1/+1)
* revises implementation and documentation of csrf_meta_tags, and aliases csrf_... (Xavier Noria, 2010-09-11, 1 file, -2/+6)
* code gardening: we have assert_(nil|blank|present), more concise, with better... (Xavier Noria, 2010-08-17, 1 file, -1/+1)
* Test that csrf meta content is html-escaped, too (Jeremy Kemper, 2010-02-04, 1 file, -1/+2)
* Revert dumb test (Jeremy Kemper, 2010-02-04, 1 file, -2/+2)
* HTML-escape csrf meta contents (Jeremy Kemper, 2010-02-04, 1 file, -2/+2)
* Expose CSRF param name also (Jeremy Kemper, 2010-02-04, 1 file, -1/+1)
* Expose CSRF tag for UJS adapters (Jeremy Kemper, 2010-02-04, 1 file, -1/+15)
* Move form_remote_tag and remote_form_for into prototype_legacy_helper (Joshua Peek, 2010-01-30, 1 file, -27/+18)
* Fix test bleed (Jeremy Kemper, 2009-11-18, 1 file, -1/+1)
* Extract form_authenticity_param instance method so it's overridable in subcla... (Jeremy Kemper, 2009-11-17, 1 file, -1/+19)
* Cleanup route reloading in tests. Prefer with_routing over using ActionContro... (Joshua Peek, 2009-08-16, 1 file, -5/+1)
* Don't check authenticity tokens for any AJAX requests (Ross Kaffenburger and Bryan Helmkamp, 2009-04-15, 1 file, -5/+6)
* Ruby 1.9 compat: rename deprecated assert_raises to assert_raise. (Jeremy Kemper, 2009-03-08, 1 file, -9/+9)
* Change the forgery token implementation to just be a simple random string. (Michael Koziarski, 2008-11-23, 1 file, -87/+6)
* Merge branch 'master' into testing (Jeremy Kemper, 2008-11-15, 1 file, -52/+66)
|\
| * Changed request forgery protection to only worry about HTML-formatted content... (Jeff Cohen, 2008-11-13, 1 file, -52/+66)
* | Move controller assertions from base TestCase to AC:: and AV::TestCase (Jeremy Kemper, 2008-11-07, 1 file, -5/+5)
|/
* Merge branch 'master' of git@github.com:rails/rails (rick, 2008-05-13, 1 file, -0/+24)
|\
| * Bug: Earlier Check for Session in Forgery Protection (Peter Jones, 2008-05-11, 1 file, -0/+24)
* | change ActionController::RequestForgeryProtection to use Mime::Type#verify_re... (rick, 2008-05-06, 1 file, -3/+45)
* | Change the request forgery protection to go by Content-Type instead of reques... (rick, 2008-05-06, 1 file, -4/+25)
|/
* Don't append the forgery token to an ajax request if it's serializing a form,... (Michael Koziarski, 2008-01-08, 1 file, -0/+9)
* require abstract_unit directly since test is in load path (Jeremy Kemper, 2008-01-05, 1 file, -1/+1)
* Ruby 1.9 compat, consistent load paths (Jeremy Kemper, 2007-10-02, 1 file, -1/+1)
* Better error messages if you leave out the :secret option for request forgery... (Rick Olson, 2007-09-28, 1 file, -45/+74)
* Add missing require (Michael Koziarski, 2007-09-28, 1 file, -0/+1)
* Allow ability to disable request forgery protection, disable it in test mode ... (Rick Olson, 2007-09-28, 1 file, -0/+38)
* Protect button_to behind protect_from_forgery (closes #9675) [lifo] (David Heinemeier Hansson, 2007-09-25, 1 file, -106/+38)
* Change from InvalidToken to InvalidAuthenticityToken to be more specific (David Heinemeier Hansson, 2007-09-24, 1 file, -12/+12)
* Rename some RequestForgeryProtection methods. The class method is now #prote... (Rick Olson, 2007-09-23, 1 file, -12/+12)
* Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model tha... (Rick Olson, 2007-09-23, 1 file, -0/+217)