Add text/plain to the browser_generated_types array as webkit and gecko can submit them.

For more information see: http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/

Add text/plain to the browser_generated_types array as webkit and gecko can submit them.
For more information see: http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
8c197fb4 · Michael Koziarski · 2530d0ee · 8c197fb4
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

actionpack/lib/action_controller/mime_type.rb actionpack/lib/action_controller/mime_type.rb +2 -2

未找到文件。
--- a/actionpack/lib/action_controller/mime_type.rb
+++ b/actionpack/lib/action_controller/mime_type.rb
@@ -25,7 +25,7 @@ class Type
    # These are the content types which browsers can generate without using ajax, flash, etc
    # i.e. following a link, getting an image or posting a form.  CSRF protection
    # only needs to protect against these types.
-    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form]
+    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
    cattr_reader :browser_generated_types


@@ -177,7 +177,7 @@ def ==(mime_type)
    end

    # Returns true if Action Pack should check requests using this Mime Type for possible request forgery.  See
-    # ActionController::RequestForgerProtection.
+    # ActionController::RequestForgeryProtection.
    def verify_request?
      browser_generated?
    end