From 7d5a858e5ce54d449066ad0a00917248475fa7f0 Mon Sep 17 00:00:00 2001
From: Tom Kadwill <tomkadwill@gmail.com>
Date: Fri, 2 May 2014 15:54:35 +0100
Subject: Moved 'params[request_forgery_protection_token]' into its own method
 and improved tests.

---
 actionpack/lib/action_controller/metal/request_forgery_protection.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')

diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index e3b1f5ae7c..1355fe87d0 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -247,7 +247,7 @@ module ActionController #:nodoc:
       # * Does the X-CSRF-Token header match the form_authenticity_token
       def verified_request?
         !protect_against_forgery? || request.get? || request.head? ||
-          form_authenticity_token == params[request_forgery_protection_token] ||
+          form_authenticity_token == form_authenticity_param ||
           form_authenticity_token == request.headers['X-CSRF-Token']
       end
 
-- 
cgit v1.2.3