- 11 May, 2011 (1 commit)
Committed by David Lee
- 08 April, 2011 (1 commit)
Committed by James Robinson
Improved formatting of csrf_helper and improved test coverage
- 09 February, 2011 (1 commit)
Committed by Michael Koziarski
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
- 07 February, 2011 (1 commit)
Committed by Dan Pickett
[#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
- 06 February, 2011 (1 commit)
Committed by Timothy N. Tsvetkov
Added tests for form_for and an authenticity_token option. Added docs for form_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers. [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
- 10 January, 2011 (1 commit)
Committed by Jakub Kuźma
- 27 September, 2010 (1 commit)
Committed by Emilio Tagua
- 14 September, 2010 (1 commit)
Committed by Xavier Noria
get csrf_meta_tag back to the generated layout in deference to existing printed material, chomp also the generated HTML to be faithful to the output before the refactor
- 11 September, 2010 (1 commit)
Committed by Xavier Noria
revises implementation and documentation of csrf_meta_tags, and aliases csrf_meta_tag to it for backwards compatibility
- 17 August, 2010 (1 commit)
Committed by Xavier Noria
code gardening: we have assert_(nil|blank|present), more concise, with better default failure messages - let's use them
- 05 February, 2010 (5 commits)
Committed by Jeremy Kemper
Committed by Jeremy Kemper
Committed by Jeremy Kemper
Committed by Jeremy Kemper
Committed by Jeremy Kemper
- 31 January, 2010 (1 commit)
Committed by Joshua Peek
- 19 November, 2009 (1 commit)
Committed by Jeremy Kemper
- 18 November, 2009 (1 commit)
Committed by Jeremy Kemper
- 17 August, 2009 (1 commit)
Committed by Joshua Peek
Cleanup route reloading in tests. Prefer with_routing over using ActionController::Routing::Routes directly
- 16 April, 2009 (1 commit)
- 09 March, 2009 (1 commit)
Committed by Jeremy Kemper
[#1617 state:resolved]
- 23 November, 2008 (1 commit)
Committed by Michael Koziarski
This deprecates the use of :secret and :digest which were only needed when we were hashing session ids.
- 13 November, 2008 (1 commit)
Committed by Jeff Cohen
Signed-off-by: Michael Koziarski <michael@koziarski.com>
- 08 November, 2008 (1 commit)
Committed by Jeremy Kemper
- 12 May, 2008 (1 commit)
Committed by Peter Jones
The session is used by the form_authenticity_token method before it is tested to be valid. This patch moves a few lines around so that the session is validated first. Without this patch, if you try to use forgery protection with sessions turned off, you get this exception message: undefined method `session_id' for {}:Hash The patch includes a test that can be used to see this behavior before the request_forgery_protection.rb file is patched to fix it.
- 06 May, 2008 (2 commits)
- 09 January, 2008 (1 commit)
Committed by Michael Koziarski
Don't append the forgery token to an ajax request if it's serializing a form, prevents duplicate tokens. Closes #10684 [macournoyer] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8598 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
- 05 January, 2008 (1 commit)
Committed by Jeremy Kemper
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
- 02 October, 2007 (1 commit)
Committed by Jeremy Kemper
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7719 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
- 29 September, 2007 (2 commits)
Committed by Rick Olson
Better error messages if you leave out the :secret option for request forgery protection. Closes #9670 [rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7671 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Committed by Michael Koziarski
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7670 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
- 28 September, 2007 (1 commit)
Committed by Rick Olson
Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 [lifofifo] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
- 26 September, 2007 (1 commit)
Committed by David Heinemeier Hansson
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7636 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
- 25 September, 2007 (1 commit)
Committed by David Heinemeier Hansson
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7623 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
- 24 September, 2007 (1 commit)
Committed by Rick Olson
Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
- 23 September, 2007 (1 commit)
Committed by Rick Olson
Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de