提交 · a3f5d7159d00a0c7c7d79d15652028ac13df30af · 张重言 / rails

06 2月, 2011 1 次提交

Added tests for form_for and an authenticity_token option. Added docs for... · b9309b47

由 Timothy N. Tsvetkov 提交于 2月 05, 2011

Added tests for form_for and an authenticity_token option. Added docs for for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers.

[#6228 state:committed]
Signed-off-by: NSantiago Pastorino <santiago@wyeworks.com>

b9309b47

10 1月, 2011 1 次提交
- J
  
  authenticity_token option for form_tag [#2988 state:resolved] · 5106ce88
  由 Jakub Kuźma 提交于 12月 27, 2010
  
  5106ce88
27 9月, 2010 1 次提交
- E
  
  Fix indentation. · 535371e9
  由 Emilio Tagua 提交于 9月 22, 2010
  
  535371e9
14 9月, 2010 1 次提交

get csrf_meta_tag back to the generated layout in deference to existing... · 0207bc7c

由 Xavier Noria 提交于 9月 14, 2010

get csrf_meta_tag back to the generated layout in deference to existing printed material, chomp also the generated HTML to be faithful to the output before the refactor

0207bc7c

11 9月, 2010 1 次提交
- X
  revises implementation and documentation of csrf_meta_tags, and aliases... · a87b92db
  由 Xavier Noria 提交于 9月 11, 2010
```
revises implementation and documentation of csrf_meta_tags, and aliases csrf_meta_tag to it for backwards compatibilty
```
  a87b92db
17 8月, 2010 1 次提交
- X
  code gardening: we have assert_(nil|blank|present), more concise, with better... · fb6b8056
  由 Xavier Noria 提交于 8月 17, 2010
```
code gardening: we have assert_(nil|blank|present), more concise, with better default failure messages - let's use them
```
  fb6b8056
05 2月, 2010 5 次提交
- J
  
  Test that csrf meta content is html-escaped, too · 31f8a59c
  由 Jeremy Kemper 提交于 2月 04, 2010
  
  31f8a59c
- J
  
  Revert dumb test · 6bf79f02
  由 Jeremy Kemper 提交于 2月 04, 2010
  
  6bf79f02
- J
  
  HTML-escape csrf meta contents · 3062bc70
  由 Jeremy Kemper 提交于 2月 04, 2010
  
  3062bc70
- J
  
  Expose CSRF param name also · 2191aa47
  由 Jeremy Kemper 提交于 2月 04, 2010
  
  2191aa47
- J
  
  Expose CSRF tag for UJS adapters · 78de17cf
  由 Jeremy Kemper 提交于 2月 04, 2010
  
  78de17cf
31 1月, 2010 1 次提交
- J
  
  Move form_remote_tag and remote_form_for into prototype_legacy_helper · 9c2c307e
  由 Joshua Peek 提交于 1月 30, 2010
  
  9c2c307e
19 11月, 2009 1 次提交
- J
  
  Fix test bleed · 0dfd993e
  由 Jeremy Kemper 提交于 11月 18, 2009
  
  0dfd993e
18 11月, 2009 1 次提交
- J
  
  Extract form_authenticity_param instance method so it's overridable in subclasses · e1385be0
  由 Jeremy Kemper 提交于 11月 17, 2009
  
  e1385be0
17 8月, 2009 1 次提交
- J
  Cleanup route reloading in tests. Prefer with_routing over using... · 24ad9ae3
  由 Joshua Peek 提交于 8月 16, 2009
```
Cleanup route reloading in tests. Prefer with_routing over using ActionController::Routing::Routes directly
```
  24ad9ae3
16 4月, 2009 1 次提交
- R
  
  Don't check authenticity tokens for any AJAX requests · 256b0ee8
  由 Ross Kaffenburger and Bryan Helmkamp 提交于 3月 04, 2009
  
  256b0ee8
09 3月, 2009 1 次提交
- J
  Ruby 1.9 compat: rename deprecated assert_raises to assert_raise. · 1c36172c
  由 Jeremy Kemper 提交于 3月 08, 2009
```
[#1617 state:resolved]
```
  1c36172c
23 11月, 2008 1 次提交
- M
  Change the forgery token implementation to just be a simple random string. · 9fdb15e6
  由 Michael Koziarski 提交于 11月 20, 2008
```
This deprecates the use of :secret and :digest which were only needed when we were hashing session ids.
```
  9fdb15e6
13 11月, 2008 1 次提交
- J
  Changed request forgery protection to only worry about HTML-formatted content requests. · fbbcd6f2
  由 Jeff Cohen 提交于 10月 31, 2008
```
Signed-off-by: NMichael Koziarski <michael@koziarski.com>
```
  fbbcd6f2
08 11月, 2008 1 次提交
- J
  
  Move controller assertions from base TestCase to AC:: and AV::TestCase · c82e8e1f
  由 Jeremy Kemper 提交于 11月 07, 2008
  
  c82e8e1f
12 5月, 2008 1 次提交

Bug: Earlier Check for Session in Forgery Protection · 2a986200

由 Peter Jones 提交于 5月 07, 2008

The session is used by the form_authenticity_token method before it is
tested to be valid.  This patch moves a few lines around so that the
session is validated first.

Without this patch, if you try to use forgery protection with sessions
turned off, you get this exception message:

  undefined method `session_id' for {}:Hash

The patch includes a test that can be used to see this behavior before
the request_forgery_protection.rb file is patched to fix it.

2a986200

06 5月, 2008 2 次提交
- R
  
  change ActionController::RequestForgeryProtection to use Mime::Type#verify_request? [#73] · c8451aee
  由 rick 提交于 5月 06, 2008
  
  c8451aee
- R
  Change the request forgery protection to go by Content-Type instead of... · 0697d17d
  由 rick 提交于 5月 06, 2008
```
Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [#73 state:resolved]
```
  0697d17d
09 1月, 2008 1 次提交

Don't append the forgery token to an ajax request if it's serializing a form,... · 5ef8a81b

由 Michael Koziarski 提交于 1月 08, 2008

Don't append the forgery token to an ajax request if it's serializing a form, prevents duplicate tokens. Closes #10684 [macournoyer]


git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8598 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

5ef8a81b

05 1月, 2008 1 次提交
- J
  require abstract_unit directly since test is in load path · 9d755f19
  由 Jeremy Kemper 提交于 1月 05, 2008
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  9d755f19
02 10月, 2007 1 次提交

Ruby 1.9 compat, consistent load paths · 0ee1cb2c

由 Jeremy Kemper 提交于 10月 02, 2007

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7719 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

0ee1cb2c

29 9月, 2007 2 次提交

Better error messages if you leave out the :secret option for request forgery... · 82ff2776

由 Rick Olson 提交于 9月 28, 2007

Better error messages if you leave out the :secret option for request forgery protection.  Closes #9670 [rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7671 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

82ff2776

Add missing require · c1bdf027

由 Michael Koziarski 提交于 9月 28, 2007


git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7670 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

c1bdf027

28 9月, 2007 1 次提交

Allow ability to disable request forgery protection, disable it in test mode... · 5edc81dc

由 Rick Olson 提交于 9月 28, 2007

Allow ability to disable request forgery protection, disable it in test mode by default.  Closes #9693 [lifofifo]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

5edc81dc

26 9月, 2007 1 次提交
- D
  Protect button_to behind protect_from_forgery (closes #9675) [lifo] · 82c1fed8
  由 David Heinemeier Hansson 提交于 9月 25, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7636 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  82c1fed8
25 9月, 2007 1 次提交
- D
  Change from InvalidToken to InvalidAuthenticityToken to be more specific · bdf56720
  由 David Heinemeier Hansson 提交于 9月 24, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7623 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  bdf56720
24 9月, 2007 1 次提交

Rename some RequestForgeryProtection methods. The class method is now... · c6190038

由 Rick Olson 提交于 9月 23, 2007

Rename some RequestForgeryProtection methods.  The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'.  [Rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

c6190038

23 9月, 2007 1 次提交

Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that... · 4e3ed5bc

由 Rick Olson 提交于 9月 23, 2007

Merge csrf_killer plugin into rails.  Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests.  [Rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

4e3ed5bc