From fbbcd6f29aeccc938b97b5c01717365f8b67912c Mon Sep 17 00:00:00 2001
From: Jeff Cohen <cohen.jeff@gmail.com>
Date: Fri, 31 Oct 2008 23:10:44 -0500
Subject: Changed request forgery protection to only worry about HTML-formatted
 content requests.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
---
 actionpack/lib/action_controller/request_forgery_protection.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_controller/request_forgery_protection.rb')

diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb
index 05a6d8bb79..3e0e94a06b 100644
--- a/actionpack/lib/action_controller/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/request_forgery_protection.rb
@@ -99,7 +99,7 @@ module ActionController #:nodoc:
       end
     
       def verifiable_request_format?
-        request.content_type.nil? || request.content_type.verify_request?
+        !request.content_type.nil? && request.content_type.verify_request?
       end
     
       # Sets the token value for the current session.  Pass a <tt>:secret</tt> option
-- 
cgit v1.2.3