Commit 78de17cf
Authored Feb 04, 2010 by Jeremy Kemper
Expose CSRF tag for UJS adapters
Parent: 127e5345

Showing 4 changed files with 30 additions and 1 deletion:

actionpack/lib/action_view/helpers.rb (+2 -0)
actionpack/lib/action_view/helpers/csrf_helper.rb (+12 -0)
actionpack/test/controller/request_forgery_protection_test.rb (+15 -1)
railties/lib/generators/erb/scaffold/templates/layout.html.erb (+1 -0)
actionpack/lib/action_view/helpers.rb
...
...
@@ -7,6 +7,7 @@ module Helpers #:nodoc:
autoload
:AtomFeedHelper
,
'action_view/helpers/atom_feed_helper'
autoload
:CacheHelper
,
'action_view/helpers/cache_helper'
autoload
:CaptureHelper
,
'action_view/helpers/capture_helper'
autoload
:CsrfHelper
,
'action_view/helpers/csrf_helper'
autoload
:DateHelper
,
'action_view/helpers/date_helper'
autoload
:DebugHelper
,
'action_view/helpers/debug_helper'
autoload
:FormHelper
,
'action_view/helpers/form_helper'
...
...
@@ -40,6 +41,7 @@ module ClassMethods
include
AtomFeedHelper
include
CacheHelper
include
CaptureHelper
include
CsrfHelper
include
DateHelper
include
DebugHelper
include
FormHelper
...
...
actionpack/lib/action_view/helpers/csrf_helper.rb
0 → 100644
module
ActionView
module
Helpers
module
CsrfHelper
# Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
def
csrf_meta_tag
if
protect_against_forgery?
%(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>)
.
html_safe
end
end
end
end
end
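Review bot: In `csrf_meta_tag` the token is passed through `Rack::Utils.escape`, which is URL encoding, although the value lands in an HTML attribute, where HTML escaping is the matching encoding. The test setup on this page stubs `SecureRandom.base64` as the token source, and base64 output can contain `+`, `/` and `=`, all of which get percent-encoded, so the `content` value will not equal `form_authenticity_token` byte for byte. If the intent is that adapters paste the value straight into a form-encoded body, the method comment should say so, because an adapter that sets it as a form field value would encode it a second time; otherwise HTML-escape the token instead. The tag also exposes only the token and not the parameter name, which `request_forgery_protection_token` makes configurable, so an adapter has to hard-code `authenticity_token`; consider emitting the name alongside it.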
actionpack/test/controller/request_forgery_protection_test.rb
...
...
@@ -15,13 +15,17 @@ def unsafe
render
:text
=>
'pwn'
end
def
meta
render
:inline
=>
"<%= csrf_meta_tag %>"
end
def
rescue_action
(
e
)
raise
e
end
end
# sample controllers
class
RequestForgeryProtectionController
<
ActionController
::
Base
include
RequestForgeryProtectionActions
protect_from_forgery
:only
=>
:index
protect_from_forgery
:only
=>
%w(index meta)
end
class
FreeCookieController
<
RequestForgeryProtectionController
...
...
@@ -211,6 +215,11 @@ def setup
ActiveSupport
::
SecureRandom
.
stubs
(
:base64
).
returns
(
@token
)
ActionController
::
Base
.
request_forgery_protection_token
=
:authenticity_token
end
test
'should emit a csrf-token meta tag'
do
get
:meta
assert_equal
%(<meta name="csrf-token" content="#{@token}"/>)
,
@response
.
body
end
end
class
FreeCookieControllerTest
<
ActionController
::
TestCase
...
...
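Review bot: The assertion in 'should emit a csrf-token meta tag' interpolates `@token` unescaped, while the helper runs the token through `Rack::Utils.escape`, so the test passes only when the stubbed token contains no character that escaping changes and the encoding path is never exercised. Stub a token that includes `+`, `/` and `=` and assert on the encoded form, so a later change to the escaping is caught by this test.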
@@ -238,6 +247,11 @@ def test_should_allow_all_methods_without_token
assert_nothing_raised
{
send
(
method
,
:index
)}
end
end
test
'should not emit a csrf-token meta tag'
do
get
:meta
assert
@response
.
body
.
blank?
end
end
class
CustomAuthenticityParamControllerTest
<
ActionController
::
TestCase
...
...
railties/lib/generators/erb/scaffold/templates/layout.html.erb
...
...
@@ -4,6 +4,7 @@
<title>
<%=
controller_class_name
%>
:
<%%
=
controller
.
action_name
%>
</title>
<%%
=
stylesheet_link_tag
'scaffold'
%>
<%%
=
javascript_include_tag
:defaults
%>
<%%
=
csrf_meta_tag
%>
</head>
<body>
...
...
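Review bot: `<%%= csrf_meta_tag %>` is placed after `javascript_include_tag :defaults`, so a script that looks up the tag while it is being evaluated, rather than on DOM ready, will not find it yet; moving the meta tag above the script include removes that ordering dependency. This template change also reaches only newly generated scaffold layouts, so the helper documentation should state that existing layouts need the tag added by hand.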