Jeremy Evans
2008-Jan-08 00:11 UTC
Unbreak ActiveRecordHelper::form() when protect_from_forgery is used
Can I get some +1s for this tiny patch? It fixes ActiveRecordHelper::form, which is broken by default in new applications created with Rails 2.0. http://dev.rubyonrails.org/ticket/10739 Jeremy --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
Ernest Prabhakar
2008-Jan-08 00:15 UTC
Re: Unbreak ActiveRecordHelper::form() when protect_from_forgery is used
+1 On Jan 7, 2008, at 4:11 PM, Jeremy Evans wrote:> > Can I get some +1s for this tiny patch? It fixes > ActiveRecordHelper::form, which is broken by default in new > applications created with Rails 2.0. > > http://dev.rubyonrails.org/ticket/10739 > > Jeremy > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
DHH
2008-Jan-10 00:50 UTC
Re: Unbreak ActiveRecordHelper::form() when protect_from_forgery is used
> Can I get some +1s for this tiny patch? It fixes > ActiveRecordHelper::form, which is broken by default in new > applications created with Rails 2.0. > > http://dev.rubyonrails.org/ticket/10739Looks good. Could you add some tests so we ensure that no regression happens here? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
Jeremy Evans
2008-Jan-10 20:35 UTC
Re: Unbreak ActiveRecordHelper::form() when protect_from_forgery is used
On 1/9/08, DHH <david.heinemeier@gmail.com> wrote:> > > Can I get some +1s for this tiny patch? It fixes > > ActiveRecordHelper::form, which is broken by default in new > > applications created with Rails 2.0. > > > > http://dev.rubyonrails.org/ticket/10739 > > Looks good. Could you add some tests so we ensure that no regression > happens here?I changed the implementation a little, and added an option to change the method used (so it doesn''t force post on you). Tests for both the csrf protection and the method option are included in the new patch. Jeremy --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
Seemingly Similar Threads
- Overloading error_message_on method in ActiveRecordHelper
- POST-only logic in protect_from_forgery considered harmful?
- Re: RESOLVED: Overloading error_message_on method in ActiveRecordHelper
- CSRF protection in rails 2.3.11
- rspec-rails how to selectively turn on csrf protection for controller specs?