2010 Sep 21
7
Ajax CSRF in Rails3
I'm using rails3. It does not seem to check the authenticity_token when doing a POST using Ajax. I traced this to:

    module ActionDispatch
      class Request < Rack::Request
        # .....
        def forgery_whitelisted?
          get? || xhr? || content_mime_type.nil? || !content_mime_type.verify_request?
        end
      end
    end

so you don't check if it's a get? or a xhr? (ie ajax request). Is this correct?