Displaying 2 results from an estimated 2 matches for "csfr".
2013 Mar 24
6
forgery protection for multiple browser tabs
...t a new token. Then he changes to the first tab again and
submits a form on that site (e.g. registration). Then he will get an
InvalidAuthenticityToken error, but it was a legal and common user behavior
rather than request forgery.
- Is there a way to store e.g. a map with POST URLs as keys and CSFR tokens
as values?
- Or storing a list of the last n CSFR tokens? The authentication procedure
should then first check the newest token etc.
Luma
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group an...
2011 Feb 11
11
CSRF protection in rails 2.3.11
Hi all,
I think CSFR protection broke in rails 2.3.11.
As in: it's turned off now.
I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken.
>rails csrftest
>cd csrftest
>script/generate scaffold post title:string
>rake db:migrate
now I visit /posts/new in my browser, use firebug to de...