2010 Sep 21
7
Ajax CSRF in Rails3
I'm using rails3. It does not seem to check the authenticity_token when doing a POST using Ajax. I traced this to:

    module ActionDispatch
      class Request < Rack::Request
        .....
        def forgery_whitelisted?
          get? || xhr? || content_mime_type.nil? || !content_mime_type.verify_request?
        end
      end
    end

So you don't check if it's a get? or an xhr? (i.e. an Ajax request). Is this correct?