index
:
rails.git
3-2-stable-for-hmno
master
Mirror of official rails repo with custom fixes.
Harald Eilertsen
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
actionpack
/
test
/
controller
/
request_forgery_protection_test.rb
Commit message (
Expand
)
Author
Age
Files
Lines
*
Change the CSRF whitelisting to only apply to get requests
Michael Koziarski
2011-02-08
1
-136
/
+75
*
put authenticity_token option in parity w/ remote
Dan Pickett
2011-02-06
1
-2
/
+2
*
Added tests for form_for and an authenticity_token option. Added docs for for...
Timothy N. Tsvetkov
2011-02-05
1
-0
/
+18
*
authenticity_token option for form_tag [#2988 state:resolved]
Jakub Kuźma
2011-01-09
1
-0
/
+18
*
Fix indentation.
Emilio Tagua
2010-09-27
1
-19
/
+18
*
get csrf_meta_tag back to the generated layout in deference to existing print...
Xavier Noria
2010-09-14
1
-1
/
+1
*
revises implementation and documentation of csrf_meta_tags, and aliases csrf_...
Xavier Noria
2010-09-11
1
-2
/
+6
*
code gardening: we have assert_(nil|blank|present), more concise, with better...
Xavier Noria
2010-08-17
1
-1
/
+1
*
Test that csrf meta content is html-escaped, too
Jeremy Kemper
2010-02-04
1
-1
/
+2
*
Revert dumb test
Jeremy Kemper
2010-02-04
1
-2
/
+2
*
HTML-escape csrf meta contents
Jeremy Kemper
2010-02-04
1
-2
/
+2
*
Expose CSRF param name also
Jeremy Kemper
2010-02-04
1
-1
/
+1
*
Expose CSRF tag for UJS adapters
Jeremy Kemper
2010-02-04
1
-1
/
+15
*
Move form_remote_tag and remote_form_for into prototype_legacy_helper
Joshua Peek
2010-01-30
1
-27
/
+18
*
Fix test bleed
Jeremy Kemper
2009-11-18
1
-1
/
+1
*
Extract form_authenticity_param instance method so it's overridable in subcla...
Jeremy Kemper
2009-11-17
1
-1
/
+19
*
Cleanup route reloading in tests. Prefer with_routing over using ActionContro...
Joshua Peek
2009-08-16
1
-5
/
+1
*
Don't check authenticity tokens for any AJAX requests
Ross Kaffenburger and Bryan Helmkamp
2009-04-15
1
-5
/
+6
*
Ruby 1.9 compat: rename deprecated assert_raises to assert_raise.
Jeremy Kemper
2009-03-08
1
-9
/
+9
*
Change the forgery token implementation to just be a simple random string.
Michael Koziarski
2008-11-23
1
-87
/
+6
*
Merge branch 'master' into testing
Jeremy Kemper
2008-11-15
1
-52
/
+66
|
\
|
*
Changed request forgery protection to only worry about HTML-formatted content...
Jeff Cohen
2008-11-13
1
-52
/
+66
*
|
Move controller assertions from base TestCase to AC:: and AV::TestCase
Jeremy Kemper
2008-11-07
1
-5
/
+5
|
/
*
Merge branch 'master' of git@github.com:rails/rails
rick
2008-05-13
1
-0
/
+24
|
\
|
*
Bug: Earlier Check for Session in Forgery Protection
Peter Jones
2008-05-11
1
-0
/
+24
*
|
change ActionController::RequestForgeryProtection to use Mime::Type#verify_re...
rick
2008-05-06
1
-3
/
+45
*
|
Change the request forgery protection to go by Content-Type instead of reques...
rick
2008-05-06
1
-4
/
+25
|
/
*
Don't append the forgery token to an ajax request if it's serializing a form,...
Michael Koziarski
2008-01-08
1
-0
/
+9
*
require abstract_unit directly since test is in load path
Jeremy Kemper
2008-01-05
1
-1
/
+1
*
Ruby 1.9 compat, consistent load paths
Jeremy Kemper
2007-10-02
1
-1
/
+1
*
Better error messages if you leave out the :secret option for request forgery...
Rick Olson
2007-09-28
1
-45
/
+74
*
Add missing require
Michael Koziarski
2007-09-28
1
-0
/
+1
*
Allow ability to disable request forgery protection, disable it in test mode ...
Rick Olson
2007-09-28
1
-0
/
+38
*
Protect button_to behind protect_from_forgery (closes #9675) [lifo]
David Heinemeier Hansson
2007-09-25
1
-106
/
+38
*
Change from InvalidToken to InvalidAuthenticityToken to be more specific
David Heinemeier Hansson
2007-09-24
1
-12
/
+12
*
Rename some RequestForgeryProtection methods. The class method is now #prote...
Rick Olson
2007-09-23
1
-12
/
+12
*
Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model tha...
Rick Olson
2007-09-23
1
-0
/
+217