Displaying 1 result from an estimated 1 matches for "cancachedynam".
Did you mean:
cancachedynamic
2008 Jan 23
2
CSRF / cached authenticity tokens / ajax requests
I''m going to go out on a limb here and say the new CSRF protection in
Rails is flawed. Why? Forget about caching if you care to use it.
Consider the following:
<% cache do %>
<%= link_to_remote "Add To Favorites", :url => {:controller =>
"favorites", :action => "create", "movie_id" => 2} %>
<% end %>
# Output
<a