Change the request forgery protection to go by Content-Type instead of...
Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [#73 state:resolved]
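
The bypass this commit message describes, next to a Content-Type based check that closes it, as an added example that is not the commit's own code. `Request`, the helper names and the list of form content types are assumptions made for this sketch, and the sample requests are constructed.

```ruby
# Simplified request model (hypothetical; not Rails' own request class).
Request = Struct.new(:http_method, :path, :content_type, :params,
                     :session_token, keyword_init: true)

# Content types a cross-site HTML form can send (assumed list for this sketch).
FORM_CONTENT_TYPES = %w[
  application/x-www-form-urlencoded multipart/form-data text/plain
].freeze

# The format is inferred from the URL extension, which the client controls.
def format_from_path(path)
  ext = File.extname(path).delete_prefix(".")
  ext.empty? ? "html" : ext
end

# Plain comparison for brevity; the token comes from the server-side session.
def token_valid?(req)
  !req.session_token.nil? &&
    req.params["authenticity_token"] == req.session_token
end

# Before: the token is only demanded when the inferred format is html or js,
# so appending ".xml" to the path switches the check off.
def verified_by_format?(req)
  return true if req.http_method == "GET"
  return true unless %w[html js].include?(format_from_path(req.path))
  token_valid?(req)
end

# After: the decision follows the Content-Type header. A browser form can only
# send the types listed above, and those (or no type at all) need the token.
def verified_by_content_type?(req)
  return true if req.http_method == "GET"
  media_type = req.content_type.to_s.split(";").first.to_s.strip.downcase
  return true unless media_type.empty? || FORM_CONTENT_TYPES.include?(media_type)
  token_valid?(req)
end

# Constructed sample: cross-site form POST to a ".xml" URL, no token supplied.
FORGED = Request.new(http_method: "POST", path: "/accounts/1.xml",
                     content_type: "application/x-www-form-urlencoded; charset=UTF-8",
                     params: { "name" => "changed" }, session_token: "tok-constructed")
```
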