- 23 11月, 2008 1 次提交
-
-
由 Michael Koziarski 提交于
This deprecates the use of :secret and :digest which were only needed when we were hashing session ids.
-
- 13 11月, 2008 1 次提交
-
-
由 Jeff Cohen 提交于
Signed-off-by: NMichael Koziarski <michael@koziarski.com>
-
- 08 11月, 2008 1 次提交
-
-
由 Jeremy Kemper 提交于
-
- 12 5月, 2008 1 次提交
-
-
由 Peter Jones 提交于
The session is used by the form_authenticity_token method before it is tested to be valid. This patch moves a few lines around so that the session is validated first. Without this patch, if you try to use forgery protection with sessions turned off, you get this exception message: undefined method `session_id' for {}:Hash The patch includes a test that can be used to see this behavior before the request_forgery_protection.rb file is patched to fix it.
-
- 06 5月, 2008 2 次提交
- 09 1月, 2008 1 次提交
-
-
由 Michael Koziarski 提交于
Don't append the forgery token to an ajax request if it's serializing a form, prevents duplicate tokens. Closes #10684 [macournoyer] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8598 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
- 05 1月, 2008 1 次提交
-
-
由 Jeremy Kemper 提交于
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
- 02 10月, 2007 1 次提交
-
-
由 Jeremy Kemper 提交于
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7719 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
- 29 9月, 2007 2 次提交
-
-
由 Rick Olson 提交于
Better error messages if you leave out the :secret option for request forgery protection. Closes #9670 [rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7671 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
由 Michael Koziarski 提交于
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7670 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
- 28 9月, 2007 1 次提交
-
-
由 Rick Olson 提交于
Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 [lifofifo] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
- 26 9月, 2007 1 次提交
-
-
由 David Heinemeier Hansson 提交于
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7636 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
- 25 9月, 2007 1 次提交
-
-
由 David Heinemeier Hansson 提交于
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7623 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
- 24 9月, 2007 1 次提交
-
-
由 Rick Olson 提交于
Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-
- 23 9月, 2007 1 次提交
-
-
由 Rick Olson 提交于
Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-