From 8c197fb4ab4fa432a6e9421e0339a17a7ec296f1 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Sun, 16 Nov 2008 20:19:02 +0100
Subject: Add text/plain to the browser_generated_types array as webkit and
 gecko can submit them.

For more information see:

http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
---
 actionpack/lib/action_controller/mime_type.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'actionpack/lib/action_controller')

diff --git a/actionpack/lib/action_controller/mime_type.rb b/actionpack/lib/action_controller/mime_type.rb
index 8ca3a70341..6923a13f3f 100644
--- a/actionpack/lib/action_controller/mime_type.rb
+++ b/actionpack/lib/action_controller/mime_type.rb
@@ -25,7 +25,7 @@ module Mime
     # These are the content types which browsers can generate without using ajax, flash, etc
     # i.e. following a link, getting an image or posting a form.  CSRF protection
     # only needs to protect against these types.
-    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form]
+    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
     cattr_reader :browser_generated_types
 
 
@@ -177,7 +177,7 @@ module Mime
     end
 
     # Returns true if Action Pack should check requests using this Mime Type for possible request forgery.  See
-    # ActionController::RequestForgerProtection.
+    # ActionController::RequestForgeryProtection.
     def verify_request?
       browser_generated?
     end
-- 
cgit v1.2.3