TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Expose CSRF param name also

Browse Source
This commit is contained in:
Jeremy Kemper 2010-02-04 15:26:24 -08:00
parent 09a88a347d
commit 2191aa47ac
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
actionpack/lib/action_view/helpers/csrf_helper.rb
View File

@ -4,7 +4,7 @@ module CsrfHelper
# Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
def csrf_meta_tag
if protect_against_forgery?
%(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
%(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
end
end
end

2
actionpack/test/controller/request_forgery_protection_test.rb
View File

@ -218,7 +218,7 @@ def setup
test 'should emit a csrf-token meta tag' do
get :meta
assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body
assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body
end
end