From 5edc81dcc2e13bdce3da01745b0d1af654342aad Mon Sep 17 00:00:00 2001
From: Rick Olson <technoweenie@gmail.com>
Date: Fri, 28 Sep 2007 15:55:45 +0000
Subject: Allow ability to disable request forgery protection, disable it in
 test mode by default.  Closes #9693 [lifofifo]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/lib/action_view/helpers/url_helper.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'actionpack/lib/action_view/helpers/url_helper.rb')

diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 490b2c1215..70d3ddd403 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -203,7 +203,7 @@ module ActionView
         form_method = method.to_s == 'get' ? 'get' : 'post'
         
         request_token_tag = ''
-        if form_method == 'post' && request_forgery_protection_token
+        if form_method == 'post' && protect_against_forgery?
           request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
         end
         
@@ -477,7 +477,7 @@ module ActionView
             submit_function << "m.setAttribute('name', '_method'); m.setAttribute('value', '#{method}'); f.appendChild(m);"
           end
 
-          if request_forgery_protection_token
+          if protect_against_forgery?
             submit_function << "var s = document.createElement('input'); s.setAttribute('type', 'hidden'); "
             submit_function << "s.setAttribute('name', '#{request_forgery_protection_token}'); s.setAttribute('value', '#{escape_javascript form_authenticity_token}'); f.appendChild(s);"
           end
-- 
cgit v1.2.3