Hi !!
I''m reading the rails guides about security, i had a question about the
forgery protection
If we consider a standard Restful resource ( generated with scaffold for
example ), the update and create actions are protected from forgery
attacks thanks to the authenticity token, but what about the destroy
method ??
<a href="/posts/2"
data-method="delete"rel="nofollow">Supprimer</a>
A third party website could paste a link with the same href and other
attributes and changing the link text et that would indeed destroy my
post wouldn''it ?? There''s no token here ..
Thanks
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
