This project is archived and is in readonly mode.

#106 ✓resolved
James Le Cuirot

authenticity_token appears in URLs after AJAX GET request

Reported by James Le Cuirot | May 4th, 2008 @ 12:00 PM

If you create an AJAX request via remote_function and specify GET as the method, the authenticity_token parameter is added even though it isn't needed. Consequently, the authenticity_token appears in some URLs such as pagination links on the following page.

This patch ensures that the parameter is not added for GET requests. It checks against js_options rather than options to avoid the confusion surrounding method_option_to_s.

This has been tested with edge and 2.0.2.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Attachments

Pages