Rick Olson
|
82ff27766d
|
Better error messages if you leave out the :secret option for request forgery protection. Closes #9670 [rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7671 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-28 16:50:48 +00:00 |
|
Rick Olson
|
5edc81dcc2
|
Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 [lifofifo]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-28 15:55:45 +00:00 |
|
David Heinemeier Hansson
|
bdf5672077
|
Change from InvalidToken to InvalidAuthenticityToken to be more specific
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7623 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-24 23:12:25 +00:00 |
|
Rick Olson
|
2c73115b2f
|
port over some of the csrf_killer README docs
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7614 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-24 17:59:17 +00:00 |
|
David Heinemeier Hansson
|
911ea2f26f
|
Beefed up docs a bit
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7612 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-24 17:02:02 +00:00 |
|
Rick Olson
|
c619003854
|
Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-23 18:14:44 +00:00 |
|
Rick Olson
|
4e3ed5bc44
|
Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
2007-09-23 02:32:55 +00:00 |
|