From 5edc81dcc2e13bdce3da01745b0d1af654342aad Mon Sep 17 00:00:00 2001
From: Rick Olson <technoweenie@gmail.com>
Date: Fri, 28 Sep 2007 15:55:45 +0000
Subject: Allow ability to disable request forgery protection, disable it in
 test mode by default.  Closes #9693 [lifofifo]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/lib/action_view/helpers/form_tag_helper.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'actionpack/lib/action_view/helpers/form_tag_helper.rb')

diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb
index db74df26bf..fdc0d10c6c 100644
--- a/actionpack/lib/action_view/helpers/form_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb
@@ -401,7 +401,7 @@ module ActionView
               ''
             when /^post$/i, "", nil
               html_options["method"] = "post"
-              request_forgery_protection_token ? content_tag(:div, token_tag, :style => 'margin:0;padding:0') : ''
+              protect_against_forgery? ? content_tag(:div, token_tag, :style => 'margin:0;padding:0') : ''
             else
               html_options["method"] = "post"
               content_tag(:div, tag(:input, :type => "hidden", :name => "_method", :value => method) + token_tag, :style => 'margin:0;padding:0')
@@ -421,7 +421,7 @@ module ActionView
         end
 
         def token_tag
-          if request_forgery_protection_token.nil?
+          unless protect_against_forgery?
             ''
           else
             tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
-- 
cgit v1.2.3