github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-04-26 03:00:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

Expose CSRF param name also

Browse Source
This commit is contained in:
Jeremy Kemper
2010-02-04 15:26:24 -08:00
parent 09a88a347d
commit 2191aa47ac
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
actionpack/lib/action_view/helpers/csrf_helper.rb
View File

@@ -4,7 +4,7 @@ module ActionView
# Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
def csrf_meta_tag
if protect_against_forgery?
%(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
%(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
end
end
end

2
actionpack/test/controller/request_forgery_protection_test.rb
View File

@@ -218,7 +218,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
test 'should emit a csrf-token meta tag' do
get :meta
assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body
assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body
end
end